Skip to content

Commit

Permalink
fix state cookie not getting set
Browse files Browse the repository at this point in the history
Most of the logic contributed by avatus
  • Loading branch information
capnspacehook committed Oct 28, 2024
1 parent 418f737 commit 8629517
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 15 deletions.
16 changes: 8 additions & 8 deletions web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -36,42 +36,42 @@ const launcherPathTestCases: {
{
name: 'no state and no path',
path: '?path=',
expectedPath: 'x-teleport-auth',
expectedPath: 'undefined/x-teleport-auth',
},
{
name: 'no state with path',
path: '?path=%2Ffoo%2Fbar',
expectedPath: 'x-teleport-auth?path=%2Ffoo%2Fbar',
expectedPath: 'undefined/x-teleport-auth?path=%2Ffoo%2Fbar',
},
{
name: 'no state with other path params (clusterId, publicAddr, publicArn',
path: '/some-cluster-id/some-public-addr/arn::123/name',
expectedPath:
'x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
'some-public-addr/x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
},
{
name: 'no state with path and with other path params',
path: '/some-cluster-id/some-public-addr/arn::123/name?path=%2Ffoo%2Fbar',
expectedPath:
'x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
'some-public-addr/x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
},
{
name: 'with state',
path: '?state=ABC',
expectedPath:
'x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
},
{
name: 'with state and path',
path: '?state=ABC&path=%2Ffoo%2Fbar',
expectedPath:
'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
},
{
name: 'with state, path, and params',
path: '?state=ABC&path=%2Ffoo%2Fbar',
expectedPath:
'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
},
];

Expand Down Expand Up @@ -116,7 +116,7 @@ describe('app launcher path is properly formed', () => {

await waitFor(() =>
expect(window.location.replace).toHaveBeenCalledWith(
`https://grafana.localhost/${expectedPath}`
`https://${expectedPath}`
)
);
expect(screen.queryByText(/access denied/i)).not.toBeInTheDocument();
Expand Down
21 changes: 14 additions & 7 deletions web/packages/teleport/src/AppLauncher/AppLauncher.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -119,10 +119,10 @@ export function AppLauncher() {
}

// Let the target app know of a new auth exchange.
const publicAddr = resolvedApp.publicAddress;
const stateToken = queryParams.get('state');
if (!stateToken) {
initiateNewAuthExchange({
fqdn,
port,
path,
params,
Expand All @@ -138,7 +138,10 @@ export function AppLauncher() {
const session = await service.createAppSession(params);

// Set all the fields expected by server to validate request.
const url = getXTeleportAuthUrl({ fqdn, port });
const url = getXTeleportAuthUrl({
publicAddr: publicAddr,
port,
});
url.searchParams.set('state', stateToken);
url.searchParams.set('subject', session.subjectCookieValue);
if (requiredApps.length > 1) {
Expand Down Expand Up @@ -217,9 +220,15 @@ function prepareFqdn(fqdn: string) {
}
}

function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
function getXTeleportAuthUrl({
port,
publicAddr,
}: {
port: string;
publicAddr: string;
}) {
try {
return new URL(`https://${fqdn}${port}/x-teleport-auth`);
return new URL(`https://${publicAddr}${port}/x-teleport-auth`);
} catch (err) {
throwFailedToParseUrlError(err);
}
Expand All @@ -235,13 +244,11 @@ function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
// bookmarked URL), in which the server will redirect the user
// to this launcher.
function initiateNewAuthExchange({
fqdn,
port,
params,
path,
requiredApps,
}: {
fqdn: string;
port: string;
// params will only be defined if the user clicked our "launch"
// app button from the web UI.
Expand All @@ -255,7 +262,7 @@ function initiateNewAuthExchange({
path: string;
requiredApps: string[];
}) {
const url = getXTeleportAuthUrl({ fqdn, port });
const url = getXTeleportAuthUrl({ publicAddr: params.publicAddr, port });

if (path) {
url.searchParams.set('path', path);
Expand Down

0 comments on commit 8629517

Please sign in to comment.