From 86abd274b0865a4453bd5245392a0a042e68931b Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Sat, 4 May 2024 10:45:31 -0400
Subject: [PATCH] fix: Simplify redirect logic for self-hosted (#6867)
---
 server/errors.ts | 16 ++++++++--------
 server/middlewares/passport.ts | 15 +++++++--------
 2 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/server/errors.ts b/server/errors.ts
index 3e5ef33aea77..008d9b26fbf9 100644
--- a/server/errors.ts
+++ b/server/errors.ts
@@ -8,20 +8,20 @@ export function InternalError(message = "Internal error") {
 export function AuthenticationError(
 message = "Authentication required",
- redirectUrl = "/"
+ redirectPath = "/"
 ) {
 return httpErrors(401, message, {
- redirectUrl,
+ redirectPath,
 id: "authentication_required",
 });
 }
 export function InvalidAuthenticationError(
 message = "Invalid authentication",
- redirectUrl = "/"
+ redirectPath = "/"
 ) {
 return httpErrors(401, message, {
- redirectUrl,
+ redirectPath,
 id: "invalid_authentication",
 });
 }
@@ -159,10 +159,10 @@ export function TeamPendingDeletionError(
 export function EmailAuthenticationRequiredError(
 message = "User must authenticate with email",
- redirectUrl = "/"
+ redirectPath = "/"
 ) {
 return httpErrors(400, message, {
- redirectUrl,
+ redirectPath,
 id: "email_auth_required",
 });
 }
@@ -201,10 +201,10 @@ export function OIDCMalformedUserInfoError(
 export function AuthenticationProviderDisabledError(
 message = "Authentication method has been disabled by an admin",
- redirectUrl = "/"
+ redirectPath = "/"
 ) {
 return httpErrors(400, message, {
- redirectUrl,
+ redirectPath,
 id: "authentication_provider_disabled",
 });
 }
diff --git a/server/middlewares/passport.ts b/server/middlewares/passport.ts
index dbf9e5d31d9c..1fad4d7ce0ea 100644
--- a/server/middlewares/passport.ts
+++ b/server/middlewares/passport.ts
@@ -25,8 +25,8 @@ export default function createMiddleware(providerName: string) {
 if (err.id) {
 const notice = err.id.replace(/_/g, "-");
- const redirectUrl = err.redirectUrl ?? "/";
- const hasQueryString = redirectUrl?.includes("?");
+ const redirectPath = err.redirectPath ?? "/";
+ const hasQueryString = redirectPath?.includes("?");
 // Every authentication action is routed through the apex domain.
 // But when there is an error, we want to redirect the user on the
@@ -35,18 +35,17 @@ export default function createMiddleware(providerName: string) {
 // get original host
 const stateString = ctx.cookies.get("state");
 const state = stateString ? parseState(stateString) : undefined;
- const host = state?.host ?? ctx.hostname;
- // form a URL object with the err.redirectUrl and replace the host
+ // form a URL object with the err.redirectPath and replace the host
 const reqProtocol = state?.client === Client.Desktop ? "outline" : ctx.protocol;
- const requestHost = ctx.get("host");
+ const requestHost = state?.host ?? ctx.hostname;
 const url = new URL(
- `${reqProtocol}://${requestHost}${redirectUrl}`
+ env.isCloudHosted
+ ? `${reqProtocol}://${requestHost}${redirectPath}`
+ : `${env.URL}${redirectPath}`
 );
- url.host = host;
 return ctx.redirect(
 `${url.toString()}${hasQueryString ? "&" : "?"}notice=${notice}`
 );
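Review bot: `err.redirectPath` is read at the top of the first passport.ts hunk and later appended to an origin to build the redirect target, but nothing here checks that it is a string beginning with `/`. The new name promises a path, yet the constructors in server/errors.ts accept any string and their callers are outside this patch; a value that does not start with `/` can change which host the URL parser resolves once it is concatenated after `env.URL`. I would normalise it where it is read, for example `const redirectPath = typeof err.redirectPath === "string" && err.redirectPath.startsWith("/") ? err.redirectPath : "/";`. With the `?? "/"` default in place, the optional chaining in `redirectPath?.includes("?")` is dead and can be dropped. The `if (err.id)` block continues outside the hunk.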
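Review bot: In the second passport.ts hunk the cloud-hosted branch takes its redirect host from `state?.host`, which is parsed from the client-supplied `state` cookie, and interpolates it directly into the string given to `new URL(...)`. `parseState` is outside this hunk, so whether it restricts `host` to a domain the deployment actually serves is not visible here; if it does not, an authentication error would redirect the browser to whatever host the cookie names. Validating `requestHost` against the hosts the deployment serves before building the URL, and falling back to `env.URL` otherwise, would close that. Separately, the self-hosted branch ignores `reqProtocol`, so a `Client.Desktop` session no longer gets the `outline` scheme there; if that is intended, a comment such as `// self-hosted: always return to env.URL, including for the desktop client` above the ternary would record it. The enclosing `createMiddleware` body starts and ends outside the hunk.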