diff --git a/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx b/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
index 7059de6852a2e..ce22b7be3c833 100644
--- a/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
+++ b/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
@@ -36,42 +36,42 @@ const launcherPathTestCases: {
 {
 name: 'no state and no path',
 path: '?path=',
- expectedPath: 'x-teleport-auth',
+ expectedPath: 'undefined/x-teleport-auth',
 },
 {
 name: 'no state with path',
 path: '?path=%2Ffoo%2Fbar',
- expectedPath: 'x-teleport-auth?path=%2Ffoo%2Fbar',
+ expectedPath: 'undefined/x-teleport-auth?path=%2Ffoo%2Fbar',
 },
 {
 name: 'no state with other path params (clusterId, publicAddr, publicArn',
 path: '/some-cluster-id/some-public-addr/arn::123/name',
 expectedPath:
- 'x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
+ 'some-public-addr/x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
 },
 {
 name: 'no state with path and with other path params',
 path: '/some-cluster-id/some-public-addr/arn::123/name?path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
+ 'some-public-addr/x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
 },
 {
 name: 'with state',
 path: '?state=ABC',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
 },
 {
 name: 'with state and path',
 path: '?state=ABC&path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
 },
 {
 name: 'with state, path, and params',
 path: '?state=ABC&path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
 },
 ];
 
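Review bot: The first two cases now expect a redirect to `https://undefined/x-teleport-auth`, a host literally named `undefined`, and the next two expect the host to be the `some-public-addr` segment taken from the launcher path. Before this change every case was asserted against `https://grafana.localhost/`, presumably the mocked app's resolved address, which the 'with state' cases still use; the new expectations therefore record a behaviour change instead of checking the intended redirect target. I would keep `grafana.localhost/x-teleport-auth…` as the expected host for all four no-state cases. The array's declaration starts above the hunk.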
@@ -116,7 +116,7 @@ describe('app launcher path is properly formed', () => {
 
 await waitFor(() =>
 expect(window.location.replace).toHaveBeenCalledWith(
- `https://grafana.localhost/${expectedPath}`
+ `https://${expectedPath}`
 )
 );
 expect(screen.queryByText(/access denied/i)).not.toBeInTheDocument();
diff --git a/web/packages/teleport/src/AppLauncher/AppLauncher.tsx b/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
index 58420124e08f3..a0724d20d9475 100644
--- a/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
+++ b/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
@@ -119,10 +119,11 @@ export function AppLauncher() {
 }
 
 // Let the target app know of a new auth exchange.
+ const publicAddr = resolvedApp.publicAddress;
 const stateToken = queryParams.get('state');
 if (!stateToken) {
 initiateNewAuthExchange({
- fqdn,
+ publicAddr,
 port,
 path,
 params,
@@ -138,7 +139,10 @@ export function AppLauncher() {
 const session = await service.createAppSession(params);
 
 // Set all the fields expected by server to validate request.
- const url = getXTeleportAuthUrl({ fqdn, port });
+ const url = getXTeleportAuthUrl({
+ publicAddr: publicAddr,
+ port,
+ });
 url.searchParams.set('state', stateToken);
 url.searchParams.set('subject', session.subjectCookieValue);
 if (requiredApps.length > 1) {
@@ -217,9 +221,15 @@ function prepareFqdn(fqdn: string) {
 }
 }
 
-function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
+function getXTeleportAuthUrl({
+ port,
+ publicAddr,
+}: {
+ port: string;
+ publicAddr: string;
+}) {
 try {
- return new URL(`https://${fqdn}${port}/x-teleport-auth`);
+ return new URL(`https://${publicAddr}${port}/x-teleport-auth`);
 } catch (err) {
 throwFailedToParseUrlError(err);
 }
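Review bot: The try/catch in `getXTeleportAuthUrl` does not catch a missing address, because `new URL` accepts both outcomes: an `undefined` value is interpolated as the host `undefined` (the updated tests expect exactly that), and an empty address with an empty port yields `https:///x-teleport-auth`, which parses with `x-teleport-auth` as the host. The 'with state' caller goes on to attach `state` and `subject` to this URL, so I would fail early with `if (!publicAddr) throw new Error('missing app public address');` as the first statement of the function. Whether `resolvedApp.publicAddress` can be empty is not visible in this diff, so this is a defensive check. The function's closing brace lies outside the hunk.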
@@ -235,13 +245,13 @@ function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
 // bookmarked URL), in which the server will redirect the user
 // to this launcher.
 function initiateNewAuthExchange({
- fqdn,
+ publicAddr,
 port,
 params,
 path,
 requiredApps,
 }: {
- fqdn: string;
+ publicAddr: string;
 port: string;
 // params will only be defined if the user clicked our "launch"
 // app button from the web UI.
@@ -255,7 +265,7 @@ function initiateNewAuthExchange({
 path: string;
 requiredApps: string[];
 }) {
- const url = getXTeleportAuthUrl({ fqdn, port });
+ const url = getXTeleportAuthUrl({ publicAddr: params.publicAddr, port });
 
 if (path) {
 url.searchParams.set('path', path);
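Review bot: `initiateNewAuthExchange` now destructures `publicAddr` but builds the URL from `params.publicAddr`, so in the visible lines the resolved address passed by the caller goes unused and the redirect host comes from the launcher URL's route parameters. The comment on `params` says it is only populated when the user launched the app from the web UI, which matches the updated tests expecting `https://undefined/x-teleport-auth` for a bare launcher URL. Use the argument instead: `const url = getXTeleportAuthUrl({ publicAddr, port });`. The function body continues past the end of the hunk.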