From a67cf46493add7839ed5852205a31ffcebf6d7c4 Mon Sep 17 00:00:00 2001
From: Andrew LeFevre
Date: Mon, 28 Oct 2024 18:37:49 -0400
Subject: [PATCH] fix state cookie not getting set Most of the logic contributed by avatus
---
 .../src/AppLauncher/AppLauncher.test.tsx | 16 +++++++-------
 .../teleport/src/AppLauncher/AppLauncher.tsx | 21 ++++++++++++-------
 2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx b/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
index 7059de6852a2e..ce22b7be3c833 100644
--- a/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
+++ b/web/packages/teleport/src/AppLauncher/AppLauncher.test.tsx
@@ -36,42 +36,42 @@ const launcherPathTestCases: {
 {
 name: 'no state and no path',
 path: '?path=',
- expectedPath: 'x-teleport-auth',
+ expectedPath: 'undefined/x-teleport-auth',
 },
 {
 name: 'no state with path',
 path: '?path=%2Ffoo%2Fbar',
- expectedPath: 'x-teleport-auth?path=%2Ffoo%2Fbar',
+ expectedPath: 'undefined/x-teleport-auth?path=%2Ffoo%2Fbar',
 },
 {
 name: 'no state with other path params (clusterId, publicAddr, publicArn',
 path: '/some-cluster-id/some-public-addr/arn::123/name',
 expectedPath:
- 'x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
+ 'some-public-addr/x-teleport-auth?cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
 },
 {
 name: 'no state with path and with other path params',
 path: '/some-cluster-id/some-public-addr/arn::123/name?path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
+ 'some-public-addr/x-teleport-auth?path=%2Ffoo%2Fbar&cluster=some-cluster-id&addr=some-public-addr&arn=arn%3A%3A123',
 },
 {
 name: 'with state',
 path: '?state=ABC',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value#value=cookie-value',
 },
 {
 name: 'with state and path',
 path: '?state=ABC&path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
 },
 {
 name: 'with state, path, and params',
 path: '?state=ABC&path=%2Ffoo%2Fbar',
 expectedPath:
- 'x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
+ 'grafana.localhost/x-teleport-auth?state=ABC&subject=subject-cookie-value&path=%2Ffoo%2Fbar#value=cookie-value',
 },
 ];
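Review bot: The two no-param cases now expect `undefined/x-teleport-auth`, so the suite pins a redirect to a host literally named `undefined` as correct behaviour. It looks like `initiateNewAuthExchange` (hunk `@@ -255,7 +262,7 @@` in AppLauncher.tsx) interpolates `params.publicAddr` when the launcher URL has no address segment, and the `try`/`catch` in `getXTeleportAuthUrl` (hunk `@@ -217,9 +220,15 @@`) cannot catch it because `https://undefined/x-teleport-auth` parses as a valid URL. I would add a guard there, e.g. `if (!publicAddr) throwFailedToParseUrlError(new Error('missing public address'));` (assuming that helper accepts any error value, which the patch does not show), and have these two cases stop expecting `undefined` as the host. The array literal begins above this hunk.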
@@ -116,7 +116,7 @@ describe('app launcher path is properly formed', () => {
 await waitFor(() =>
 expect(window.location.replace).toHaveBeenCalledWith(
- `https://grafana.localhost/${expectedPath}`
+ `https://${expectedPath}`
 )
 );
 expect(screen.queryByText(/access denied/i)).not.toBeInTheDocument();
diff --git a/web/packages/teleport/src/AppLauncher/AppLauncher.tsx b/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
index 58420124e08f3..79b5e67ba1bbb 100644
--- a/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
+++ b/web/packages/teleport/src/AppLauncher/AppLauncher.tsx
@@ -119,10 +119,10 @@ export function AppLauncher() {
 }
 // Let the target app know of a new auth exchange.
+ const publicAddr = resolvedApp.publicAddress;
 const stateToken = queryParams.get('state');
 if (!stateToken) {
 initiateNewAuthExchange({
- fqdn,
 port,
 path,
 params,
@@ -138,7 +138,10 @@ export function AppLauncher() {
 const session = await service.createAppSession(params);
 // Set all the fields expected by server to validate request.
- const url = getXTeleportAuthUrl({ fqdn, port });
+ const url = getXTeleportAuthUrl({
+ publicAddr: publicAddr,
+ port,
+ });
 url.searchParams.set('state', stateToken);
 url.searchParams.set('subject', session.subjectCookieValue);
 if (requiredApps.length > 1) {
@@ -217,9 +220,15 @@ function prepareFqdn(fqdn: string) {
 }
 }
-function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
+function getXTeleportAuthUrl({
+ port,
+ publicAddr,
+}: {
+ port: string;
+ publicAddr: string;
+}) {
 try {
- return new URL(`https://${fqdn}${port}/x-teleport-auth`);
+ return new URL(`https://${publicAddr}${port}/x-teleport-auth`);
 } catch (err) {
 throwFailedToParseUrlError(err);
 }
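Review bot: In the `@@ -119,10 +119,10 @@` hunk, `publicAddr` is read from `resolvedApp` but never handed to `initiateNewAuthExchange`, which in its own hunk (`@@ -255,7 +262,7 @@`) builds the redirect from `params.publicAddr` instead. The no-state redirect host therefore comes from the launcher link rather than from the resolved app (the updated test maps the `some-public-addr` path segment straight to `https://some-public-addr/x-teleport-auth…`), while the state branch uses the resolved value. I would add `publicAddr,` to the argument object here and use it in place of `params.publicAddr`, so both branches redirect only to the resolved app's address and the two cannot drift apart. The call's argument list continues past the end of this hunk.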
@@ -235,13 +244,11 @@ function getXTeleportAuthUrl({ fqdn, port }: { fqdn: string; port: string }) {
 // bookmarked URL), in which the server will redirect the user
 // to this launcher.
 function initiateNewAuthExchange({
- fqdn,
 port,
 params,
 path,
 requiredApps,
 }: {
- fqdn: string;
 port: string;
 // params will only be defined if the user clicked our "launch"
 // app button from the web UI.
@@ -255,7 +262,7 @@ function initiateNewAuthExchange({
 path: string;
 requiredApps: string[];
 }) {
- const url = getXTeleportAuthUrl({ fqdn, port });
+ const url = getXTeleportAuthUrl({ publicAddr: params.publicAddr, port });
 if (path) {
 url.searchParams.set('path', path);