Arsharth/dex
1
0
Fork 0
forked from mystiq/dex
Code Issues Pull requests Projects Releases Packages Wiki Activity

connector: fix path that connectors listen on

Browse source 
When Dex uses a non-root issuer URL, it current assumes that all
path prefixes will be trimmed by an upstream proxy (e.g. nginx).
This means that all paths rendered in HTML will be absolute to the
prefix, but the handlers still listen at the root.

Connectors are currently the only component that registers at a
non-root URL. Make this conform with the rest of Dex by having the
server determine the path the connector listens as rather than the
connector itself.
This commit is contained in:
Eric Chiang 2016-07-25 12:37:24 -07:00
parent 216d26913f
commit 8216a3d992
7 changed files with 20 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
connector/connector_ldap.go
View file

@ -251,9 +251,9 @@ func (c *LDAPConnector) LoginURL(sessionKey, prompt string) (string, error) {
return path.Join(c.namespace.Path, "login") + "?" + enc, nil return path.Join(c.namespace.Path, "login") + "?" + enc, nil
} }
func (c *LDAPConnector) Register(mux *http.ServeMux, errorURL url.URL) { func (c *LDAPConnector) Handler(errorURL url.URL) http.Handler {
route := path.Join(c.namespace.Path, "login") route := path.Join(c.namespace.Path, "/login")
mux.Handle(route, handlePasswordLogin(c.loginFunc, c.loginTpl, c, route, errorURL)) return handlePasswordLogin(c.loginFunc, c.loginTpl, c, route, errorURL)
} }
func (c *LDAPConnector) Sync() chan struct{} { func (c *LDAPConnector) Sync() chan struct{} {

6
connector/connector_local.go
View file

@ -85,9 +85,9 @@ func (c *LocalConnector) LoginURL(sessionKey, prompt string) (string, error) {
return path.Join(c.namespace.Path, "login") + "?" + enc, nil return path.Join(c.namespace.Path, "login") + "?" + enc, nil
} }
func (c *LocalConnector) Register(mux *http.ServeMux, errorURL url.URL) { func (c *LocalConnector) Handler(errorURL url.URL) http.Handler {
route := c.namespace.Path + "/login" route := path.Join(c.namespace.Path, "/login")
mux.Handle(route, handlePasswordLogin(c.loginFunc, c.loginTpl, c.idp, route, errorURL)) return handlePasswordLogin(c.loginFunc, c.loginTpl, c.idp, route, errorURL)
} }
func (c *LocalConnector) Sync() chan struct{} { func (c *LocalConnector) Sync() chan struct{} {

4
connector/connector_oauth2.go
View file

@ -53,8 +53,8 @@ func (c *OAuth2Connector) LoginURL(sessionKey, prompt string) (string, error) {
return c.conn.Client().AuthCodeURL(sessionKey, oauth2.GrantTypeAuthCode, prompt), nil return c.conn.Client().AuthCodeURL(sessionKey, oauth2.GrantTypeAuthCode, prompt), nil
} }
func (c *OAuth2Connector) Register(mux *http.ServeMux, errorURL url.URL) { func (c *OAuth2Connector) Handler(errorURL url.URL) http.Handler {
mux.Handle(c.cbURL.Path, c.handleCallbackFunc(c.loginFunc, errorURL)) return c.handleCallbackFunc(c.loginFunc, errorURL)
} }
func (c *OAuth2Connector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL) http.HandlerFunc { func (c *OAuth2Connector) handleCallbackFunc(lf oidc.LoginFunc, errorURL url.URL) http.HandlerFunc {

4
connector/connector_oidc.go
View file

@ -90,8 +90,8 @@ func (c *OIDCConnector) LoginURL(sessionKey, prompt string) (string, error) {
return oac.AuthCodeURL(sessionKey, "", prompt), nil return oac.AuthCodeURL(sessionKey, "", prompt), nil
} }
func (c *OIDCConnector) Register(mux *http.ServeMux, errorURL url.URL) { func (c *OIDCConnector) Handler(errorURL url.URL) http.Handler {
mux.Handle(c.cbURL.Path, c.handleCallbackFunc(c.loginFunc, errorURL)) return c.handleCallbackFunc(c.loginFunc, errorURL)
} }
func (c *OIDCConnector) Sync() chan struct{} { func (c *OIDCConnector) Sync() chan struct{} {

8
connector/interface.go
View file

@ -21,12 +21,12 @@ type Connector interface {
// and OAuth2 prompt type. // and OAuth2 prompt type.
LoginURL(sessionKey, prompt string) (string, error) LoginURL(sessionKey, prompt string) (string, error)
// Register allows connectors to register a callback handler with the // Handler allows connectors to register a callback handler with the
// dex server. // dex server.
// //
// Connectors should register with a path that extends the namespace // Connectors will handle any path that extends the namespace URL provided
// URL provided when the Connector is instantiated. // when the Connector is instantiated.
Register(mux *http.ServeMux, errorURL url.URL) Handler(errorURL url.URL) http.Handler
// Sync triggers any long-running tasks needed to maintain the // Sync triggers any long-running tasks needed to maintain the
// Connector's operation. For example, this would encompass // Connector's operation. For example, this would encompass

4
server/http_test.go
View file

@ -40,7 +40,9 @@ func (f *fakeConnector) LoginURL(sessionKey, prompt string) (string, error) {
return f.loginURL, nil return f.loginURL, nil
} }
func (f *fakeConnector) Register(mux *http.ServeMux, errorURL url.URL) {} func (f *fakeConnector) Handler(errorURL url.URL) http.Handler {
return http.HandlerFunc(http.NotFound)
}
func (f *fakeConnector) Sync() chan struct{} { func (f *fakeConnector) Sync() chan struct{} {
return nil return nil

4
server/server.go
View file

@ -269,7 +269,9 @@ func (s *Server) HTTPHandler() http.Handler {
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
} }
idpc.Register(mux, *errorURL) // NOTE(ericchiang): This path MUST end in a "/" in order to indicate a
// path prefix rather than an absolute path.
mux.Handle(path.Join(httpPathAuth, idpc.ID())+"/", idpc.Handler(*errorURL))
} }
apiBasePath := path.Join(httpPathAPI, APIVersion) apiBasePath := path.Join(httpPathAPI, APIVersion)