Commit 07c9a990 authored by ale's avatar ale

Redirect the user to a configurable URL when accessing homepage by mistake

Fixes issue #6.
parent b1c0a012
Pipeline #2145 passed with stages
in 1 minute and 50 seconds
......@@ -36,6 +36,7 @@ type Config struct {
AuthService string `yaml:"auth_service"`
U2FAppID string `yaml:"u2f_app_id"`
URLPrefix string `yaml:"url_path_prefix"`
HomepageRedirectURL string `yaml:"homepage_redirect_url"`
DeviceManager *device.Config `yaml:"device_manager"`
KeyStore *clientutil.BackendConfig `yaml:"keystore"`
KeyStoreEnableGroups []string `yaml:"keystore_enable_groups"`
......@@ -45,26 +46,23 @@ type Config struct {
}
// Check syntax (missing required values).
//
// nolint: gocyclo
func (c *Config) valid() error {
if c.SecretKeyFile == "" {
switch {
case c.SecretKeyFile == "":
return errors.New("secret_key_file is empty")
}
if c.PublicKeyFile == "" {
case c.PublicKeyFile == "":
return errors.New("public_key_file is empty")
}
if c.Domain == "" {
case c.Domain == "":
return errors.New("domain is empty")
}
if len(c.AllowedServices) == 0 {
case len(c.AllowedServices) == 0:
return errors.New("the list of allowed services is empty")
}
if c.AuthService == "" {
case c.AuthService == "":
return errors.New("auth_service is empty")
}
if c.U2FAppID != "" && !strings.HasPrefix(c.U2FAppID, "https://") {
case c.U2FAppID != "" && !strings.HasPrefix(c.U2FAppID, "https://"):
return errors.New("u2f_app_id does not start with https://")
}
if c.URLPrefix != "" && !strings.HasPrefix(c.URLPrefix, "/") {
case c.URLPrefix != "" && !strings.HasPrefix(c.URLPrefix, "/"):
return errors.New("url_path_prefix does not start with /")
}
......
......@@ -93,6 +93,7 @@ type Server struct {
csrfSecret []byte
tpl *template.Template
urlPrefix string
homepageRedirectURL string
}
func sl2bl(sl []string) [][]byte {
......@@ -120,6 +121,7 @@ func New(loginService *LoginService, authClient authclient.Client, config *Confi
authSessionStore: store,
loginService: loginService,
urlPrefix: urlPrefix,
homepageRedirectURL: config.HomepageRedirectURL,
tpl: parseEmbeddedTemplates(),
}
if config.CSRFSecret != "" {
......@@ -252,6 +254,19 @@ func (h *Server) handleHomepage(w http.ResponseWriter, req *http.Request, sessio
}
}
// If the above parameters are unset, we're probably faced with a user
// that reached this URL by other means. Redirect them to the
// configured homepageRedirectURL, or at least return a slightly more
// user-friendly error.
if service == "" || destination == "" {
if h.homepageRedirectURL != "" {
http.Redirect(w, req, h.homepageRedirectURL, http.StatusFound)
} else {
http.Error(w, "You are not supposed to reach this page directly. Use the back button in your browser instead.", http.StatusBadRequest)
}
return
}
// Make the authorization request.
token, err := h.loginService.Authorize(username, service, destination, nonce, groups)
if err != nil {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment