Make BaseURL insensitive to trailing slashes for metadata endpoint re…

…direct. (#5458) * Make BaseURL insensitive to trailing slashes for metadata endpoint redirect. Signed-off-by: Yakov Dlougach <[email protected]> * Lint renaming Signed-off-by: Yakov Dlougach <[email protected]> --------- Signed-off-by: Yakov Dlougach <[email protected]>
flyteorg · Jun 11, 2024 · 15e321b · 15e321b
1 parent cd37d1b
commit 15e321b
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 18 deletions.
diff --git a/flyteadmin/auth/handlers.go b/flyteadmin/auth/handlers.go
@@ -484,7 +484,7 @@ func QueryUserInfoUsingAccessToken(ctx context.Context, originalRequest *http.Re
 // See https://tools.ietf.org/html/rfc8414 for more information.
 func GetOIdCMetadataEndpointRedirectHandler(ctx context.Context, authCtx interfaces.AuthenticationContext) http.HandlerFunc {
 	return func(writer http.ResponseWriter, request *http.Request) {
-		metadataURL := authCtx.Options().UserAuth.OpenID.BaseURL.ResolveReference(authCtx.GetOIdCMetadataURL())
+		metadataURL := authCtx.Options().UserAuth.OpenID.BaseURL.JoinPath("/").ResolveReference(authCtx.GetOIdCMetadataURL())
 		http.Redirect(writer, request, metadataURL.String(), http.StatusSeeOther)
 	}
 }

diff --git a/flyteadmin/auth/handlers_test.go b/flyteadmin/auth/handlers_test.go
@@ -449,24 +449,60 @@ func TestGetHTTPRequestCookieToMetadataHandler_CustomHeader(t *testing.T) {
 
 func TestGetOIdCMetadataEndpointRedirectHandler(t *testing.T) {
 	ctx := context.Background()
-	metadataPath := mustParseURL(t, OIdCMetadataEndpoint)
-	mockAuthCtx := mocks.AuthenticationContext{}
-	mockAuthCtx.OnOptions().Return(&config.Config{
-		UserAuth: config.UserAuthConfig{
-			OpenID: config.OpenIDOptions{
-				BaseURL: stdConfig.URL{URL: mustParseURL(t, "http://www.google.com")},
-			},
+	type test struct {
+		name                     string
+		baseURL                  string
+		metadataPath             string
+		expectedRedirectLocation string
+	}
+	tests := []test{
+		{
+			name:                     "base_url_without_path",
+			baseURL:                  "http://www.google.com",
+			metadataPath:             OIdCMetadataEndpoint,
+			expectedRedirectLocation: "http://www.google.com/.well-known/openid-configuration",
 		},
-	})
-
-	mockAuthCtx.OnGetOIdCMetadataURL().Return(&metadataPath)
-	handler := GetOIdCMetadataEndpointRedirectHandler(ctx, &mockAuthCtx)
-	req, err := http.NewRequest("GET", "/xyz", nil)
-	assert.NoError(t, err)
-	w := httptest.NewRecorder()
-	handler(w, req)
-	assert.Equal(t, http.StatusSeeOther, w.Code)
-	assert.Equal(t, "http://www.google.com/.well-known/openid-configuration", w.Header()["Location"][0])
+		{
+			name:                     "base_url_with_path",
+			baseURL:                  "https://login.microsoftonline.com/abc/v2.0",
+			metadataPath:             OIdCMetadataEndpoint,
+			expectedRedirectLocation: "https://login.microsoftonline.com/abc/v2.0/.well-known/openid-configuration",
+		},
+		{
+			name:                     "base_url_with_trailing_slash_path",
+			baseURL:                  "https://login.microsoftonline.com/abc/v2.0/",
+			metadataPath:             OIdCMetadataEndpoint,
+			expectedRedirectLocation: "https://login.microsoftonline.com/abc/v2.0/.well-known/openid-configuration",
+		},
+		{
+			name:                     "absolute_metadata_path",
+			baseURL:                  "https://login.microsoftonline.com/abc/v2.0/",
+			metadataPath:             "/.well-known/openid-configuration",
+			expectedRedirectLocation: "https://login.microsoftonline.com/.well-known/openid-configuration",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			metadataPath := mustParseURL(t, tt.metadataPath)
+			mockAuthCtx := mocks.AuthenticationContext{}
+			mockAuthCtx.OnOptions().Return(&config.Config{
+				UserAuth: config.UserAuthConfig{
+					OpenID: config.OpenIDOptions{
+						BaseURL: stdConfig.URL{URL: mustParseURL(t, tt.baseURL)},
+					},
+				},
+			})
+
+			mockAuthCtx.OnGetOIdCMetadataURL().Return(&metadataPath)
+			handler := GetOIdCMetadataEndpointRedirectHandler(ctx, &mockAuthCtx)
+			req, err := http.NewRequest("GET", "/xyz", nil)
+			assert.NoError(t, err)
+			w := httptest.NewRecorder()
+			handler(w, req)
+			assert.Equal(t, http.StatusSeeOther, w.Code)
+			assert.Equal(t, tt.expectedRedirectLocation, w.Header()["Location"][0])
+		})
+	}
 }
 
 func TestUserInfoForwardResponseHander(t *testing.T) {