Skip to content

fix: redirect unauthorized git users to login screen #10995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Dec 7, 2023
+26 −15
Merged

fix: redirect unauthorized git users to login screen #10995

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a272e30
fix: redirect to login screen if unauthorized git user
Kira-Pilot Dec 1, 2023
ecdb59e
consolidated language
Kira-Pilot Dec 1, 2023
d31f554
fix redirect
Kira-Pilot Dec 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
fix redirect
  • Loading branch information
@Kira-Pilot
Kira-Pilot committed Dec 5, 2023
commit d31f55490623b89c14f0f43b654220260121c2f4
15 changes: 15 additions & 0 deletions coderd/httpmw/apikey.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -538,3 +538,18 @@ func RedirectToLogin(rw http.ResponseWriter, r *http.Request, dashboardURL *url.
// (like temporary redirect does).
http.Redirect(rw, r, u.String(), http.StatusSeeOther)
}

// CustomRedirectToLogin redirects the user to the login page with the `message` and
// `redirect` query parameters set, with a provided code
func CustomRedirectToLogin(rw http.ResponseWriter, r *http.Request, redirect string, message string, code int) {
q := url.Values{}
q.Add("message", message)
q.Add("redirect", redirect)

u := &url.URL{
Path: "/login",
RawQuery: q.Encode(),
}

http.Redirect(rw, r, u.String(), code)
}
9 changes: 3 additions & 6 deletions coderd/userauth.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import (
"fmt"
"net/http"
"net/mail"
"net/url"
"regexp"
"sort"
"strconv"
Expand Down Expand Up @@ -511,6 +510,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {

var selectedMemberships []*github.Membership
var organizationNames []string
redirect := state.Redirect
if !api.GithubOAuth2Config.AllowEveryone {
memberships, err := api.GithubOAuth2Config.ListOrganizationMemberships(ctx, oauthClient)
if err != nil {
Expand All @@ -536,7 +536,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
}
}
if len(selectedMemberships) == 0 {
httpmw.RedirectToLogin(rw, r, &url.URL{Path: "/login"}, "You aren't a member of the authorized Github organizations!")
httpmw.CustomRedirectToLogin(rw, r, redirect, "You aren't a member of the authorized Github organizations!", http.StatusUnauthorized)
return
}
}
Expand Down Expand Up @@ -573,9 +573,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
}
}
if allowedTeam == nil {
httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
Message: fmt.Sprintf("You aren't a member of an authorized team in the %v Github organization(s)!", organizationNames),
})
httpmw.CustomRedirectToLogin(rw, r, redirect, fmt.Sprintf("You aren't a member of an authorized team in the %v Github organization(s)!", organizationNames), http.StatusUnauthorized)
return
}
}
Expand Down Expand Up @@ -657,7 +655,6 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
http.SetCookie(rw, cookie)
}

redirect := state.Redirect
if redirect == "" {
redirect = "/"
}
Expand Down
3 changes: 1 addition & 2 deletions site/src/pages/LoginPage/LoginPageView.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,8 +24,7 @@ export const LoginPageView: FC<LoginPageViewProps> = ({
const redirectTo = retrieveRedirect(location.search);
// This allows messages to be displayed at the top of the sign in form.
// Helpful for any redirects that want to inform the user of something.
const message =
new URLSearchParams(location.search).get("message") || undefined;
const message = new URLSearchParams(location.search).get("message");
const applicationName = getApplicationName();
const logoURL = getLogoURL();
const applicationLogo = logoURL ? (
Expand Down
6 changes: 3 additions & 3 deletions site/src/pages/LoginPage/SignInForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { type Interpolation, type Theme } from "@emotion/react";
import { type FC } from "react";
import { ReactNode, type FC } from "react";
import type { AuthMethods } from "api/typesGenerated";
import { PasswordSignInForm } from "./PasswordSignInForm";
import { OAuthSignInForm } from "./OAuthSignInForm";
Expand Down Expand Up @@ -63,7 +63,7 @@ export interface SignInFormProps {
isSigningIn: boolean;
redirectTo: string;
error?: unknown;
message?: string;
message?: ReactNode;
authMethods?: AuthMethods;
onSubmit: (credentials: { email: string; password: string }) => void;
}
Expand Down Expand Up @@ -91,7 +91,7 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
</div>
)}

{Boolean(message) && (
{message && (
<div css={styles.alert}>
<Alert severity="info">{message}</Alert>
</div>
Expand Down