From af9cf33553b5d5b30ec8b672daee148b81f1772a Mon Sep 17 00:00:00 2001
From: Gani Georgiev
Date: Tue, 18 Jun 2024 12:10:12 +0300
Subject: [PATCH] [#5074] redirect with 303 in case of a POST OAuth2 callback
---
apis/record_auth.go | 17 +++++++++++------
apis/record_auth_test.go | 2 +-
2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/apis/record_auth.go b/apis/record_auth.go
index 70a9686b..e4a4399c 100644
--- a/apis/record_auth.go
+++ b/apis/record_auth.go
@@ -672,28 +672,33 @@ type oauth2RedirectData struct { } func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error {
+ redirectStatusCode := http.StatusTemporaryRedirect
+ if c.Request().Method != http.MethodGet {
+ redirectStatusCode = http.StatusSeeOther
+ }
+
data := oauth2RedirectData{} if err := c.Bind(&data); err != nil { api.app.Logger().Debug("Failed to read OAuth2 redirect data", "error", err)
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath) } if data.State == "" { api.app.Logger().Debug("Missing OAuth2 state parameter")
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath) } client, err := api.app.SubscriptionsBroker().ClientById(data.State) if err != nil || client.IsDiscarded() || !client.HasSubscription(oauth2SubscriptionTopic) { api.app.Logger().Debug("Missing or invalid OAuth2 subscription client", "error", err, "clientId", data.State)
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath) } defer client.Unsubscribe(oauth2SubscriptionTopic) encodedData, err := json.Marshal(data) if err != nil { api.app.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err)
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath) } msg := subscriptions.Message{
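Review bot: The new `redirectStatusCode` selection at the top of oauth2SubscriptionRedirect carries no comment on why the status depends on the request method, and the commit subject is the only place that explains the 307/303 split. A 307 asks the browser to repeat the original method and body against the redirect target, so a callback delivered by POST (e.g. a form_post style response that carries code and state in the body) would be re-submitted to `oauth2RedirectSuccessPath`/`oauth2RedirectFailurePath`, whereas 303 makes the follow-up a plain GET with the body dropped. I would add above the first added line: `// 307 replays the original method and body on the redirect target; a POST callback` / `// must instead be followed with a plain GET, hence 303 for anything that is not GET.` The same variable is used on every redirect in this hunk and in the second hunk of the function (from line 705 onward), so the comment belongs only at the declaration; the function body continues past this hunk.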
@@ -705,8 +710,8 @@ func (api *recordAuthApi) oauth2SubscriptionRedirect(c echo.Context) error { if data.Error != "" || data.Code == "" { api.app.Logger().Debug("Failed OAuth2 redirect due to an error or missing code parameter", "error", data.Error, "clientId", data.State)
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectFailurePath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectFailurePath) }
- return c.Redirect(http.StatusTemporaryRedirect, oauth2RedirectSuccessPath)
+ return c.Redirect(redirectStatusCode, oauth2RedirectSuccessPath) }
diff --git a/apis/record_auth_test.go b/apis/record_auth_test.go
index b4f7c150..309b1173 100644
--- a/apis/record_auth_test.go
+++ b/apis/record_auth_test.go
@@ -1714,7 +1714,7 @@ func TestRecordAuthOAuth2Redirect(t *testing.T) { BeforeTestFunc: beforeTestFunc(clientStubs[7], map[string][]string{ "c3": {`"state":"` + clientStubs[7]["c3"].Id(), `"code":"123"`}, }),
- ExpectedStatus: http.StatusTemporaryRedirect,
+ ExpectedStatus: http.StatusSeeOther, AfterTestFunc: func(t *testing.T, app *tests.TestApp, res *http.Response) { app.Store().Get("cancelFunc").(context.CancelFunc)()