Pass redirect field in login page to get a proper redirect
This commit is contained in:
parent
23916be991
commit
23af068e17
4 changed files with 40 additions and 2 deletions
|
@ -22,6 +22,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"strconv"
|
"strconv"
|
||||||
|
@ -153,6 +154,7 @@ var (
|
||||||
"buildForwardedFor": buildForwardedFor,
|
"buildForwardedFor": buildForwardedFor,
|
||||||
"trustHTTPHeaders": trustHTTPHeaders,
|
"trustHTTPHeaders": trustHTTPHeaders,
|
||||||
"trustProxyProtocol": trustProxyProtocol,
|
"trustProxyProtocol": trustProxyProtocol,
|
||||||
|
"buildAuthSignURL": buildAuthSignURL,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -690,3 +692,23 @@ func trustProxyProtocol(input interface{}) bool {
|
||||||
return conf.Cfg.RealClientFrom == "tcp-proxy" ||
|
return conf.Cfg.RealClientFrom == "tcp-proxy" ||
|
||||||
(conf.Cfg.RealClientFrom == "auto" && conf.Cfg.UseProxyProtocol)
|
(conf.Cfg.RealClientFrom == "auto" && conf.Cfg.UseProxyProtocol)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func buildAuthSignURL(input interface{}) string {
|
||||||
|
s, ok := input.(string)
|
||||||
|
if !ok {
|
||||||
|
glog.Errorf("expected an 'string' type but %T was returned", input)
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
u, _ := url.Parse(s)
|
||||||
|
q := u.Query()
|
||||||
|
if len(q) == 0 {
|
||||||
|
return fmt.Sprintf("%v?rd=$request_uri", s)
|
||||||
|
}
|
||||||
|
|
||||||
|
if q.Get("rd") != "" {
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
|
return fmt.Sprintf("%v&rd=$request_uri", s)
|
||||||
|
}
|
||||||
|
|
|
@ -354,3 +354,19 @@ func TestBuildRateLimit(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestBuildAuthSignURL(t *testing.T) {
|
||||||
|
cases := map[string]struct {
|
||||||
|
Input, Output string
|
||||||
|
}{
|
||||||
|
"default url": {"http://google.com", "http://google.com?rd=$request_uri"},
|
||||||
|
"with random field": {"http://google.com?cat=0", "http://google.com?cat=0&rd=$request_uri"},
|
||||||
|
"with rd field": {"http://google.com?cat&rd=$request", "http://google.com?cat&rd=$request"},
|
||||||
|
}
|
||||||
|
for k, tc := range cases {
|
||||||
|
res := buildAuthSignURL(tc.Input)
|
||||||
|
if res != tc.Output {
|
||||||
|
t.Errorf("%s: called buildAuthSignURL('%s'); expected '%v' but returned '%v'", k, tc.Input, tc.Output, res)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
@ -727,7 +727,7 @@ stream {
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ if not (empty $location.ExternalAuth.SigninURL) }}
|
{{ if not (empty $location.ExternalAuth.SigninURL) }}
|
||||||
error_page 401 = {{ $location.ExternalAuth.SigninURL }};
|
error_page 401 = {{ buildAuthSignURL $location.ExternalAuth.SigninURL }};
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{/* if the location contains a rate limit annotation, create one */}}
|
{{/* if the location contains a rate limit annotation, create one */}}
|
||||||
|
|
|
@ -2,7 +2,7 @@ apiVersion: extensions/v1beta1
|
||||||
kind: Ingress
|
kind: Ingress
|
||||||
metadata:
|
metadata:
|
||||||
annotations:
|
annotations:
|
||||||
ingress.kubernetes.io/auth-signin: https://$host/oauth2/sign_in
|
ingress.kubernetes.io/auth-signin: https://$host/oauth2/start
|
||||||
ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
|
ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
|
||||||
name: external-auth-oauth2
|
name: external-auth-oauth2
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
|
Loading…
Reference in a new issue