Use 307 redirects

This is to see if we can send non-GET requests through SSO.

Use 307 redirects
41319c74 · ale · 466c1d30 · 41319c74 · 41319c74 · 41319c74
Commit 41319c74 authored 6 years ago by ale
--- a/httpsso/handler.go
+++ b/httpsso/handler.go
@@ -93,8 +93,8 @@ func (s *SSOWrapper) Wrap(h http.Handler, service string, groups []string) http.
 }

 func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, session *sessions.Session, service string, groups []string) {
-	t := req.FormValue("t")
-	d := req.FormValue("d")
+	t := req.URL.Query().Get("t")
+	d := req.URL.Query().Get("d")

 	// Pop the nonce from the session.
 	nonce, ok := session.Values["nonce"].(string)
@@ -122,7 +122,7 @@ func (s *SSOWrapper) handleLogin(w http.ResponseWriter, req *http.Request, sessi
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	http.Redirect(w, req, d, http.StatusFound)
+	httputil.Redirect(w, req, d)
 }

 func (s *SSOWrapper) handleLogout(w http.ResponseWriter, req *http.Request, session *sessions.Session) {
@@ -156,7 +156,7 @@ func (s *SSOWrapper) redirectToLogin(w http.ResponseWriter, req *http.Request, s
 	v.Set("n", nonce)
 	v.Set("g", strings.Join(groups, ","))
 	loginURL := s.serverURL + "?" + v.Encode()
-	http.Redirect(w, req, loginURL, http.StatusFound)
+	httputil.Redirect(w, req, loginURL)
 }

 // Extract the URL path from the service specification. The result

--- a/httputil/redirect.go
+++ b/httputil/redirect.go
+package httputil
+
+import "net/http"
+
+// A http.Redirect wrapper that picks the redirect status code based
+// on the capabilities of the client (302 for HTTP/1.0, 307 for
+// HTTP/1.1).
+func Redirect(w http.ResponseWriter, req *http.Request, dest string) {
+	status := http.StatusTemporaryRedirect
+	if req.ProtoMajor == 0 || (req.ProtoMajor == 1 && req.ProtoMinor == 0) {
+		status = http.StatusFound
+	}
+	http.Redirect(w, req, dest, status)
+}
--- a/server/http.go
+++ b/server/http.go
@@ -321,7 +321,7 @@ func (h *Server) handleHomepage(w http.ResponseWriter, req *http.Request, sessio

 	// Redirect to service callback.
 	callbackURL := serviceLoginCallback(service, destination, token)
-	http.Redirect(w, req, callbackURL, http.StatusFound)
+	httputil.Redirect(w, req, callbackURL)
 }

 func (h *Server) alreadyLoggedOut(w http.ResponseWriter, req *http.Request) {

--- a/server/http_test.go
+++ b/server/http_test.go
@@ -135,8 +135,8 @@ func checkStatusOk(t testing.TB, resp *http.Response) {
 }

 func checkRedirectToTargetService(t testing.TB, resp *http.Response) {
-	if resp.StatusCode != 302 {
-		t.Fatalf("expected status 302, got %s", resp.Status)
+	if resp.StatusCode != 307 {
+		t.Fatalf("expected status 307, got %s", resp.Status)
 	}
 	if !strings.HasPrefix(resp.Header.Get("Location"), "https://service.example.com/sso_login?") {
 		t.Fatalf("redirect is not to target service: %v", resp.Header.Get("Location"))