Commit 07c9a990 authored by ale's avatar ale

Redirect the user to a configurable URL when accessing homepage by mistake

Fixes issue #6.
parent b1c0a012
Pipeline #2145 passed with stages
in 1 minute and 50 seconds
...@@ -36,6 +36,7 @@ type Config struct { ...@@ -36,6 +36,7 @@ type Config struct {
AuthService string `yaml:"auth_service"` AuthService string `yaml:"auth_service"`
U2FAppID string `yaml:"u2f_app_id"` U2FAppID string `yaml:"u2f_app_id"`
URLPrefix string `yaml:"url_path_prefix"` URLPrefix string `yaml:"url_path_prefix"`
HomepageRedirectURL string `yaml:"homepage_redirect_url"`
DeviceManager *device.Config `yaml:"device_manager"` DeviceManager *device.Config `yaml:"device_manager"`
KeyStore *clientutil.BackendConfig `yaml:"keystore"` KeyStore *clientutil.BackendConfig `yaml:"keystore"`
KeyStoreEnableGroups []string `yaml:"keystore_enable_groups"` KeyStoreEnableGroups []string `yaml:"keystore_enable_groups"`
...@@ -45,26 +46,23 @@ type Config struct { ...@@ -45,26 +46,23 @@ type Config struct {
} }
// Check syntax (missing required values). // Check syntax (missing required values).
//
// nolint: gocyclo
func (c *Config) valid() error { func (c *Config) valid() error {
if c.SecretKeyFile == "" { switch {
case c.SecretKeyFile == "":
return errors.New("secret_key_file is empty") return errors.New("secret_key_file is empty")
} case c.PublicKeyFile == "":
if c.PublicKeyFile == "" {
return errors.New("public_key_file is empty") return errors.New("public_key_file is empty")
} case c.Domain == "":
if c.Domain == "" {
return errors.New("domain is empty") return errors.New("domain is empty")
} case len(c.AllowedServices) == 0:
if len(c.AllowedServices) == 0 {
return errors.New("the list of allowed services is empty") return errors.New("the list of allowed services is empty")
} case c.AuthService == "":
if c.AuthService == "" {
return errors.New("auth_service is empty") return errors.New("auth_service is empty")
} case c.U2FAppID != "" && !strings.HasPrefix(c.U2FAppID, "https://"):
if c.U2FAppID != "" && !strings.HasPrefix(c.U2FAppID, "https://") {
return errors.New("u2f_app_id does not start with https://") return errors.New("u2f_app_id does not start with https://")
} case c.URLPrefix != "" && !strings.HasPrefix(c.URLPrefix, "/"):
if c.URLPrefix != "" && !strings.HasPrefix(c.URLPrefix, "/") {
return errors.New("url_path_prefix does not start with /") return errors.New("url_path_prefix does not start with /")
} }
......
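Review bot: `HomepageRedirectURL` is added to `Config`, but the visible cases of `valid()` gain no check for it, unlike `u2f_app_id` and `url_path_prefix`, so a malformed or relative value would only surface when a user is actually redirected. Since the value is written into a `Location` header, a case such as `case c.HomepageRedirectURL != "" && !strings.HasPrefix(c.HomepageRedirectURL, "https://"):` returning `errors.New("homepage_redirect_url does not start with https://")` would match the existing style, assuming plain-http targets are never intended. The field would also benefit from a comment like `// HomepageRedirectURL is where users who reach the homepage without service/destination parameters are sent; empty disables the redirect.` The rest of `valid()` continues outside the hunk, so a check may already exist further down.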
...@@ -93,6 +93,7 @@ type Server struct { ...@@ -93,6 +93,7 @@ type Server struct {
csrfSecret []byte csrfSecret []byte
tpl *template.Template tpl *template.Template
urlPrefix string urlPrefix string
homepageRedirectURL string
} }
func sl2bl(sl []string) [][]byte { func sl2bl(sl []string) [][]byte {
...@@ -120,6 +121,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi ...@@ -120,6 +121,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
authSessionStore: store, authSessionStore: store,
loginService: loginService, loginService: loginService,
urlPrefix: urlPrefix, urlPrefix: urlPrefix,
homepageRedirectURL: config.HomepageRedirectURL,
tpl: parseEmbeddedTemplates(), tpl: parseEmbeddedTemplates(),
} }
if config.CSRFSecret != "" { if config.CSRFSecret != "" {
...@@ -252,6 +254,19 @@ func (h *Server) handleHomepage(w http.ResponseWriter, req *http.Request, sessio ...@@ -252,6 +254,19 @@ func (h *Server) handleHomepage(w http.ResponseWriter, req *http.Request, sessio
} }
} }
// If the above parameters are unset, we're probably faced with a user
// that reached this URL by other means. Redirect them to the
// configured homepageRedirectURL, or at least return a slightly more
// user-friendly error.
if service == "" || destination == "" {
if h.homepageRedirectURL != "" {
http.Redirect(w, req, h.homepageRedirectURL, http.StatusFound)
} else {
http.Error(w, "You are not supposed to reach this page directly. Use the back button in your browser instead.", http.StatusBadRequest)
}
return
}
// Make the authorization request. // Make the authorization request.
token, err := h.loginService.Authorize(username, service, destination, nonce, groups) token, err := h.loginService.Authorize(username, service, destination, nonce, groups)
if err != nil { if err != nil {
......
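Review bot: The redirect added to `handleHomepage` is not an open redirect only because `h.homepageRedirectURL` comes from static configuration, and nothing at the call site records that invariant. A comment above the `http.Redirect` call such as `// homepageRedirectURL is operator-configured; never derive it from request parameters (open redirect).` would keep it visible to later editors. If the configured URL resolves back to this same handler, the browser would loop until it gives up, so the option's documentation should say the target must live outside the SSO's own URL prefix. The `if`/`else` followed by a shared `return` could also be flattened into two early returns. The function begins and continues outside the hunk, so whether this branch runs before or after the session check cannot be confirmed from here.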