fix custom server return URL decoding

Previously the form escaped the return URL twice, preventing it from working.
go-pkgz · Jan 14, 2023 · fb9d0aa · fb9d0aa
1 parent c3360c6
commit fb9d0aa
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/provider/custom_server.go b/provider/custom_server.go
@@ -135,7 +135,7 @@ func (c *CustomServer) handleAuthorize(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 
-			formData := struct{ Query string }{Query: r.URL.RawQuery}
+			formData := struct{ Query template.URL }{Query: template.URL(r.URL.RawQuery)} //nolint:gosec // query is safe
 
 			if err := userLoginTmpl.Execute(w, formData); err != nil {
 				c.Logf("[WARN] can't write, %s", err)

diff --git a/provider/dev_provider.go b/provider/dev_provider.go
@@ -67,7 +67,7 @@ func (d *DevAuthServer) Run(ctx context.Context) { // nolint (gocyclo)
 
 				// first time it will be called without username and will ask for one
 				if !d.Automatic && (r.ParseForm() != nil || r.Form.Get("username") == "") {
-					formData := struct{ Query template.URL }{Query: template.URL(r.URL.RawQuery)} //nolint:gosec // query is safes
+					formData := struct{ Query template.URL }{Query: template.URL(r.URL.RawQuery)} //nolint:gosec // query is safe
 					if err = userFormTmpl.Execute(w, formData); err != nil {
 						d.Logf("[WARN] can't write, %s", err)
 					}