Fixes bug when auth and base are enabled. Fixes #1205 (#1206)

amir20 · May 6, 2021 · b25be0b · b25be0b
1 parent af2ad84
commit b25be0b
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 .PHONY: clean
 clean:
 	@rm -rf static
-	@go clean
+	@go clean -i
 
 .PHONY: static
 static:

diff --git a/web/__snapshots__/web.snapshot b/web/__snapshots__/web.snapshot
@@ -23,6 +23,15 @@ Location: /foobar/
 
 <a href="/foobar/">Moved Permanently</a>.
 
+/* snapshot: Test_createRoutes_redirect_with_auth */
+HTTP/1.1 307 Temporary Redirect
+Connection: close
+Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; manifest-src 'self'; connect-src 'self' api.github.com; require-trusted-types-for 'script'
+Content-Type: text/html; charset=utf-8
+Location: /foobar/login
+
+<a href="/foobar/login">Temporary Redirect</a>.
+
 /* snapshot: Test_createRoutes_username_password */
 HTTP/1.1 307 Temporary Redirect
 Connection: close

diff --git a/web/auth.go b/web/auth.go
@@ -15,6 +15,7 @@ const authorityKey = "AUTH_TIMESTAMP"
 const sessionName = "session"
 
 func initializeAuth(h *handler) {
+	secured = false
 	if h.config.Username != "" && h.config.Password != "" {
 		store = sessions.NewCookieStore([]byte(h.config.Key))
 		store.Options.HttpOnly = true

diff --git a/web/routes.go b/web/routes.go
@@ -6,6 +6,7 @@ import (
 	"io/fs"
 	"io/ioutil"
 	"net/http"
+	"path"
 
 	"github.com/amir20/dozzle/docker"
 
@@ -83,7 +84,7 @@ func (h *handler) index(w http.ResponseWriter, req *http.Request) {
 		fileServer.ServeHTTP(w, req)
 	} else {
 		if !isAuthorized(req) && req.URL.Path != "login" {
-			http.Redirect(w, req, h.config.Base+"login", http.StatusTemporaryRedirect)
+			http.Redirect(w, req, path.Clean(h.config.Base+"/login"), http.StatusTemporaryRedirect)
 			return
 		}
 		h.executeTemplate(w, req)

diff --git a/web/routes_test.go b/web/routes_test.go
@@ -267,6 +267,19 @@ func Test_createRoutes_redirect(t *testing.T) {
 	abide.AssertHTTPResponse(t, t.Name(), rr.Result())
 }
 
+func Test_createRoutes_redirect_with_auth(t *testing.T) {
+	fs := afero.NewMemMapFs()
+	require.NoError(t, afero.WriteFile(fs, "index.html", []byte("index page"), 0644), "WriteFile should have no error.")
+
+	handler := createHandler(nil, afero.NewIOFS(fs), Config{Base: "/foobar", Username: "amir", Password: "password", Key: "key"})
+	req, err := http.NewRequest("GET", "/foobar/", nil)
+	require.NoError(t, err, "NewRequest should not return an error.")
+	rr := httptest.NewRecorder()
+
+	handler.ServeHTTP(rr, req)
+	abide.AssertHTTPResponse(t, t.Name(), rr.Result())
+}
+
 func Test_createRoutes_foobar(t *testing.T) {
 	fs := afero.NewMemMapFs()
 	require.NoError(t, afero.WriteFile(fs, "index.html", []byte("foo page"), 0644), "WriteFile should have no error.")