Path based redirects redirect to dashboardurl

Emyrk · Emyrk · commit 07323e59f1eb · 2023-04-11T13:56:41.000-05:00
diff --git a/coderd/httpmw/apikey.go b/coderd/httpmw/apikey.go
@@ -149,7 +149,7 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon
 	// like workspace applications.
 	write := func(code int, response codersdk.Response) (*database.APIKey, *Authorization, bool) {
 		if cfg.RedirectToLogin {
-			RedirectToLogin(rw, r, response.Message)
+			RedirectToLogin(rw, r, nil, response.Message)
 			return nil, nil, false
 		}
 
@@ -440,7 +440,11 @@ func SplitAPIToken(token string) (id string, secret string, err error) {
 
 // RedirectToLogin redirects the user to the login page with the `message` and
 // `redirect` query parameters set.
-func RedirectToLogin(rw http.ResponseWriter, r *http.Request, message string) {
+//
+// If dashboardURL is nil, the redirect will be relative to the current
+// request's host. If it is not nil, the redirect will be absolute with dashboard
+// url as the host.
+func RedirectToLogin(rw http.ResponseWriter, r *http.Request, dashboardURL *url.URL, message string) {
 	path := r.URL.Path
 	if r.URL.RawQuery != "" {
 		path += "?" + r.URL.RawQuery
@@ -454,6 +458,14 @@ func RedirectToLogin(rw http.ResponseWriter, r *http.Request, message string) {
 		Path:     "/login",
 		RawQuery: q.Encode(),
 	}
+	// If dashboardURL is provided, we want to redirect to the dashboard
+	// login page.
+	if dashboardURL != nil {
+		cpy := *dashboardURL
+		cpy.Path = u.Path
+		cpy.RawQuery = u.RawQuery
+		u = &cpy
+	}
 
 	// See other forces a GET request rather than keeping the current method
 	// (like temporary redirect does).
diff --git a/coderd/httpmw/userparam.go b/coderd/httpmw/userparam.go
@@ -60,7 +60,7 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han
 				apiKey, ok := APIKeyOptional(r)
 				if !ok {
 					if redirectToLoginOnMe {
-						RedirectToLogin(rw, r, SignedOutErrorMessage)
+						RedirectToLogin(rw, r, nil, SignedOutErrorMessage)
 						return
 					}
 
diff --git a/coderd/workspaceapps/db.go b/coderd/workspaceapps/db.go
@@ -130,9 +130,7 @@ func (p *DBTokenProvider) IssueToken(ctx context.Context, rw http.ResponseWriter
 		// and they aren't signed in.
 		switch appReq.AccessMethod {
 		case AccessMethodPath:
-			// TODO(@deansheather): this doesn't work on moons so will need to
-			// be updated to include the access URL as a param
-			httpmw.RedirectToLogin(rw, r, httpmw.SignedOutErrorMessage)
+			httpmw.RedirectToLogin(rw, r, p.DashboardURL, httpmw.SignedOutErrorMessage)
 		case AccessMethodSubdomain:
 			// Redirect to the app auth redirect endpoint with a valid redirect
 			// URI.
diff --git a/enterprise/cli/workspaceproxy.go b/enterprise/cli/workspaceproxy.go

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ func ExtractUserParam(db database.Store, redirectToLoginOnMe bool) func(http.Han`
`60`	`60`	`apiKey, ok := APIKeyOptional(r)`
`61`	`61`	`if !ok {`
`62`	`62`	`if redirectToLoginOnMe {`
`63`		`- RedirectToLogin(rw, r, SignedOutErrorMessage)`
	`63`	`+ RedirectToLogin(rw, r, nil, SignedOutErrorMessage)`
`64`	`64`	`return`
`65`	`65`	`}`
`66`	`66`