From 18c5623190105a5e99e238d7577e7c896220972c Mon Sep 17 00:00:00 2001
From: mo khan
Date: Fri, 9 May 2025 16:19:15 -0600
Subject: test: test envoy and sparkle via testcontainers
---
 app/controllers/sessions/controller.go | 2 +-
 app/controllers/sessions/service.go | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/sessions/controller.go b/app/controllers/sessions/controller.go
index afc44f7..e8409a3 100644
--- a/app/controllers/sessions/controller.go
+++ b/app/controllers/sessions/controller.go
@@ -34,7 +34,7 @@ func (c *Controller) New(w http.ResponseWriter, r *http.Request) {
 return
 }
- url, nonce := c.svc.GenerateRedirectURL()
+ url, nonce := c.svc.GenerateRedirectURL(r)
 cookie.Write(w, web.NewCookie(cfg.CSRFCookie, nonce))
 c.redirectTo(w, r, url)
 }
diff --git a/app/controllers/sessions/service.go b/app/controllers/sessions/service.go
index 2dec9e3..9e74bfb 100644
--- a/app/controllers/sessions/service.go
+++ b/app/controllers/sessions/service.go
@@ -4,6 +4,7 @@ import (
 "context"
 "errors"
 "net/http"
+ "net/url"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/app/cfg"
 "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
@@ -24,11 +25,12 @@ func NewService(cfg *oidc.OpenID, http *http.Client) *Service {
 }
 }
-func (svc *Service) GenerateRedirectURL() (string, string) {
+func (svc *Service) GenerateRedirectURL(r *http.Request) (string, string) {
 nonce := pls.GenerateRandomHex(32)
 url := svc.cfg.Config.AuthCodeURL(
 nonce,
 oauth2.SetAuthURLParam("audience", svc.cfg.Config.ClientID),
+ oauth2.SetAuthURLParam("redirect_uri", svc.redirectURIFor(r)),
 )
 return url, nonce
 }
@@ -45,6 +47,7 @@ func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
 }
 ctx := context.WithValue(r.Context(), oauth2.HTTPClient, svc.http)
+
 token, err := svc.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"))
 if err != nil {
 return nil, err
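Review bot: The `redirect_uri` added to the `AuthCodeURL` call in `GenerateRedirectURL` has no counterpart in `Exchange`, whose only change in this commit is a blank line. When `svc.cfg.Config.RedirectURL` is empty, the authorization request carries the request-derived URI while `Config.Exchange` sends none (oauth2 adds `redirect_uri` to the token request only from `Config.RedirectURL` or an explicit option), and RFC 6749 §4.1.3 requires the two values to be identical, so a conforming provider should reject the code. Passing the same option at the token step would keep them aligned: `svc.cfg.Config.Exchange(ctx, r.URL.Query().Get("code"), oauth2.SetAuthURLParam("redirect_uri", svc.redirectURIFor(r)))`; that only matches once `redirectURIFor` stops carrying the request's query string, because the callback request includes `code` and `state`. The body of `Exchange` starts and ends outside the hunks shown.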
@@ -56,3 +59,12 @@ func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
 }
 return tokens, nil
 }
+
+func (svc *Service) redirectURIFor(r *http.Request) string {
+ if len(svc.cfg.Config.RedirectURL) > 0 {
+ return svc.cfg.Config.RedirectURL
+ }
+ redirectURL, _ := url.Parse(r.URL.String())
+ redirectURL.Path = "/session/callback"
+ return redirectURL.String()
+}
-- cgit v1.2.3
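Review bot: `redirectURIFor` discards the error from `url.Parse`, so a failed parse leaves `redirectURL` nil and the following `redirectURL.Path` assignment panics in the login handler. The fallback also carries the incoming request's query string and fragment into the `redirect_uri`, and the whole value comes from the client's request rather than from configuration, which leaves the provider's registered redirect-URI list as the only constraint on it. On a Go server `r.URL` normally holds only path and query, so the result may be a relative `/session/callback`; whether the envoy test setup supplies an absolute URL is not visible in this patch. Building the URL from just the scheme and host of `r.URL`, as below, removes the parse and the carried-over parameters; requiring `RedirectURL` to be configured outside tests would be the stricter choice.

```go
func (svc *Service) redirectURIFor(r *http.Request) string {
	// … unchanged: return svc.cfg.Config.RedirectURL when it is set …
	redirectURL := url.URL{
		Scheme: r.URL.Scheme,
		Host:   r.URL.Host,
		Path:   "/session/callback",
	}
	return redirectURL.String()
}
```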