fix(openid): use the calculated redirect url when authenticating with openid providers

2024-01-28 12:41:35 +01:00
parent a20f6ac815
commit ce53663a88
5 changed files with 14 additions and 22 deletions
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -65,10 +65,9 @@ const (
 	ServiceEnableUserDeletion    Key = `service.enableuserdeletion`
 	ServiceMaxAvatarSize         Key = `service.maxavatarsize`

-	AuthLocalEnabled      Key = `auth.local.enabled`
-	AuthOpenIDEnabled     Key = `auth.openid.enabled`
-	AuthOpenIDRedirectURL Key = `auth.openid.redirecturl`
-	AuthOpenIDProviders   Key = `auth.openid.providers`
+	AuthLocalEnabled    Key = `auth.local.enabled`
+	AuthOpenIDEnabled   Key = `auth.openid.enabled`
+	AuthOpenIDProviders Key = `auth.openid.providers`

 	LegalImprintURL Key = `legal.imprinturl`
 	LegalPrivacyURL Key = `legal.privacyurl`
@ -451,10 +450,6 @@ func InitConfig() {
 		ServiceFrontendurl.Set(ServiceFrontendurl.GetString() + "/")
 	}

-	if AuthOpenIDRedirectURL.GetString() == "" {
-		AuthOpenIDRedirectURL.Set(ServiceFrontendurl.GetString() + "auth/openid/")
-	}
-
 	if MigrationTodoistRedirectURL.GetString() == "" {
 		MigrationTodoistRedirectURL.Set(ServiceFrontendurl.GetString() + "migrate/todoist")
 	}
--- a/pkg/modules/auth/openid/openid.go
+++ b/pkg/modules/auth/openid/openid.go
@ -40,8 +40,9 @@ import (

 // Callback contains the callback after an auth request was made and redirected
 type Callback struct {
-	Code  string `query:"code" json:"code"`
-	Scope string `query:"scop" json:"scope"`
+	Code        string `query:"code" json:"code"`
+	Scope       string `query:"scop" json:"scope"`
+	RedirectUrl string `json:"redirect_url"`
 }

 // Provider is the structure of an OpenID Connect provider
@ -103,6 +104,8 @@ func HandleCallback(c echo.Context) error {
 		return c.JSON(http.StatusBadRequest, models.Message{Message: "Provider does not exist"})
 	}

+	provider.Oauth2Config.RedirectURL = cb.RedirectUrl
+
 	// Parse the access & ID token
 	oauth2Token, err := provider.Oauth2Config.Exchange(context.Background(), cb.Code)
 	if err != nil {
--- a/pkg/modules/auth/openid/providers.go
+++ b/pkg/modules/auth/openid/providers.go
@ -149,7 +149,6 @@ func getProviderFromMap(pi map[string]interface{}) (provider *Provider, err erro
 	provider.Oauth2Config = &oauth2.Config{
 		ClientID:     provider.ClientID,
 		ClientSecret: provider.ClientSecret,
-		RedirectURL:  config.AuthOpenIDRedirectURL.GetString() + k,
 		// Discovery returns the OAuth2 endpoints.
 		Endpoint: provider.openIDProvider.Endpoint(),

--- a/pkg/routes/api/v1/info.go
+++ b/pkg/routes/api/v1/info.go
@ -63,9 +63,8 @@ type localAuthInfo struct {
 }

 type openIDAuthInfo struct {
-	Enabled     bool               `json:"enabled"`
-	RedirectURL string             `json:"redirect_url"`
-	Providers   []*openid.Provider `json:"providers"`
+	Enabled   bool               `json:"enabled"`
+	Providers []*openid.Provider `json:"providers"`
 }

 type legalInfo struct {
@ -109,8 +108,7 @@ func Info(c echo.Context) error {
 				Enabled: config.AuthLocalEnabled.GetBool(),
 			},
 			OpenIDConnect: openIDAuthInfo{
-				Enabled:     config.AuthOpenIDEnabled.GetBool(),
-				RedirectURL: config.AuthOpenIDRedirectURL.GetString(),
+				Enabled: config.AuthOpenIDEnabled.GetBool(),
 			},
 		},
 	}