
Redirect authenticated user to home page on re-authentication

* GoCD allows an authenticated user to access the login page. If an
  authenticated user tries to re-authenticate using web-based
  authentication, the user currently gets a 404.
* This commit ensures that if an authenticated user tries to re-authenticate,
  the user is redirected to the home page.
maheshp committed Jul 27, 2017
1 parent 95e3f80 commit 793d19809f2693028ab40ef83403810ef47a3b1f
@@ -22,6 +22,7 @@
import com.thoughtworks.go.server.service.GoConfigService;
import com.thoughtworks.go.server.web.SiteUrlProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.ui.FilterChainOrder;
import org.springframework.security.ui.SpringSecurityFilter;

@@ -39,6 +40,7 @@
private AuthorizationExtension authorizationExtension;
private GoConfigService goConfigService;
private SiteUrlProvider siteUrlProvider;
private String DEFAULT_TARGET_URL = "/";

@Autowired
public WebBasedAuthenticationFilter(AuthorizationExtension authorizationExtension, GoConfigService goConfigService,
@@ -51,7 +53,8 @@ public WebBasedAuthenticationFilter(AuthorizationExtension authorizationExtensio
@Override
public void doFilterHttp(HttpServletRequest httpRequest, HttpServletResponse httpResponse, FilterChain chain) throws IOException, ServletException {
if(isWebBasedPluginLoginRequest(httpRequest)) {
httpResponse.sendRedirect(authorizationServerUrl(pluginId(httpRequest), siteUrlProvider.siteUrl(httpRequest)));
String redirectUrl = isAuthenticated() ? DEFAULT_TARGET_URL : authorizationServerUrl(pluginId(httpRequest), siteUrlProvider.siteUrl(httpRequest));
httpResponse.sendRedirect(redirectUrl);
return;
}

@@ -74,6 +77,10 @@ private boolean isWebBasedPluginLoginRequest(HttpServletRequest request) {
return LOGIN_REQUEST_PATTERN.matcher(request.getRequestURI()).matches();
}

private boolean isAuthenticated() {
return SecurityContextHolder.getContext().getAuthentication() != null;
}

@Override
public int getOrder() {
return FilterChainOrder.PRE_AUTH_FILTER - 1;
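Review bot: `isAuthenticated()` treats any non-null `Authentication` in the security context as a logged-in user, so a token that is present but reports itself as not authenticated would be sent to `/` and could never reach the plugin's authorization server. Checking the token's own state closes that gap: `Authentication auth = SecurityContextHolder.getContext().getAuthentication(); return auth != null && auth.isAuthenticated();`. If the filter chain can place an anonymous token in the context before this filter runs, that case needs excluding too, which cannot be confirmed from the lines shown. Separately, `DEFAULT_TARGET_URL` is declared as a mutable instance field; `private static final String DEFAULT_TARGET_URL = "/";` matches its use as a constant. The body of `doFilterHttp` continues outside the hunk.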
@@ -20,10 +20,13 @@
import com.thoughtworks.go.config.SecurityConfig;
import com.thoughtworks.go.domain.config.ConfigurationProperty;
import com.thoughtworks.go.plugin.access.authorization.AuthorizationExtension;
import com.thoughtworks.go.server.security.tokens.PreAuthenticatedAuthenticationToken;
import com.thoughtworks.go.server.service.GoConfigService;
import com.thoughtworks.go.server.web.SiteUrlProvider;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.context.SecurityContextHolder;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
@@ -61,6 +64,11 @@ public void setUp() throws Exception {
filter = new WebBasedAuthenticationFilter(authorizationExtension, goConfigService, siteUrlProvider);
}

@After
public void tearDown() throws Exception {
SecurityContextHolder.getContext().setAuthentication(null);
}

@Test
public void shouldHandleOnlyWebBasedPluginAuthenticationRequests() throws Exception {
when(request.getRequestURI()).thenReturn("/go/plugin/github.oauth/login");
@@ -93,4 +101,16 @@ public void shouldIgnoreRequestsToAuthenticationPlugins() throws Exception {
verifyZeroInteractions(authorizationExtension);
verify(filterChain).doFilter(request, response);
}

@Test
public void shouldRedirectToHomePageIfAuthenticatedUserTriesToReauthenticate() throws Exception {
SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken(null, null, null));
when(request.getRequestURI()).thenReturn("/go/plugin/github.oauth/login");

filter.doFilter(request, response, filterChain);

verify(response).sendRedirect("/");
verifyZeroInteractions(authorizationExtension);
verifyNoMoreInteractions(filterChain);
}
}
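Review bot: The security context is reset only in `tearDown`, so the tests that expect the unauthenticated path rely on no earlier test on the same thread having left an `Authentication` behind; clearing it in `setUp` as well (its body starts outside the hunk) would make them independent of run order. `SecurityContextHolder.clearContext()` states that intent more directly than `getContext().setAuthentication(null)`. The new test builds its token with `new PreAuthenticatedAuthenticationToken(null, null, null)`, which pins only the non-null check in the filter. A companion case with a token that reports not authenticated would document whether the redirect to `/` is intended there.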
