fix: sso redirect on /login & /api/login

NodeBB · Dec 3, 2020 · 5d00b08 · 5d00b08
1 parent c7f2640
commit 5d00b08
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
@@ -145,12 +145,18 @@ ajaxify = window.ajaxify || {};
 				app.alertError('[[global:please_log_in]]');
 				app.previousUrl = url;
 				window.location.href = config.relative_path + '/login';
-			} else if ((status === 302 || status === 308) && typeof data.responseJSON === 'string') {
-				ajaxifyTimer = undefined;
-				if (data.responseJSON.startsWith('http://') || data.responseJSON.startsWith('https://')) {
-					window.location.href = data.responseJSON;
-				} else {
-					ajaxify.go(data.responseJSON.slice(1), callback, quiet);
+			} else if (status === 302 || status === 308) {
+				if (data.responseJSON && data.responseJSON.external) {
+					// this is used by sso plugins to redirect to the auth route
+					// cant use ajaxify.go for /auth/sso routes
+					window.location.href = data.responseJSON.external;
+				} else if (typeof data.responseJSON === 'string') {
+					ajaxifyTimer = undefined;
+					if (data.responseJSON.startsWith('http://') || data.responseJSON.startsWith('https://')) {
+						window.location.href = data.responseJSON;
+					} else {
+						ajaxify.go(data.responseJSON.slice(1), callback, quiet);
+					}
 				}
 			}
 		} else if (textStatus !== 'abort') {

diff --git a/src/controllers/helpers.js b/src/controllers/helpers.js
@@ -145,11 +145,20 @@ helpers.notAllowed = async function (req, res, error) {
 };
 
 helpers.redirect = function (res, url, permanent) {
+	let redirectUrl;
+	// this is used by sso plugins to redirect to the auth route
+	if (url.hasOwnProperty('external')) {
+		url.external = encodeURI(url.external);
+		redirectUrl = url.external;
+	} else {
+		url = encodeURI(url);
+		redirectUrl = url;
+	}
 	if (res.locals.isAPI) {
-		res.set('X-Redirect', encodeURI(url)).status(200).json(encodeURI(url));
+		res.set('X-Redirect', redirectUrl).status(200).json(url);
 	} else {
-		const redirectUrl = url.startsWith('http://') || url.startsWith('https://') ?
-			url : relative_path + url;
+		redirectUrl = redirectUrl.startsWith('http://') || redirectUrl.startsWith('https://') ?
+			redirectUrl : relative_path + redirectUrl;
 		res.redirect(permanent ? 308 : 307, encodeURI(redirectUrl));
 	}
 };

diff --git a/src/controllers/index.js b/src/controllers/index.js
@@ -125,7 +125,7 @@ Controllers.login = async function (req, res) {
 	data.allowLocalLogin = hasLoginPrivilege || parseInt(req.query.local, 10) === 1;
 
 	if (!data.allowLocalLogin && !data.allowRegistration && data.alternate_logins && data.authentication.length === 1) {
-		return helpers.redirect(res, data.authentication[0].url);
+		return helpers.redirect(res, { external: data.authentication[0].url });
 	}
 
 	if (req.loggedIn) {