fix redirect after logging in (#25546)

2018-11-14 16:48:07 -05:00 · 2018-11-14 16:48:07 -05:00 · 53f5f50b71
parent 22a4fed51d
commit 53f5f50b71
5 changed files with 12 additions and 10 deletions
--- a/x-pack/plugins/security/server/lib/tests/fixtures/request.js
+++ b/x-pack/plugins/security/server/lib/tests/fixtures/request.js
@ -8,6 +8,7 @@ import url from 'url';
 export function requestFixture({
  headers = { accept: 'something/html' },
  path = '/wat',
+  basePath = '',
  search = '',
  payload
 } = {}) {
@ -15,6 +16,7 @@ export function requestFixture({
    raw: { req: { headers } },
    headers,
    url: { path, search },
+    getBasePath: () => basePath,
    query: search ? url.parse(search, { parseQueryString: true }).query : {},
    payload,
    state: { user: 'these are the contents of the user client cookie' }
--- a/x-pack/plugins/security/server/lib/authentication/providers/tests/basic.js
+++ b/x-pack/plugins/security/server/lib/authentication/providers/tests/basic.js
@ -44,13 +44,13 @@ describe('BasicAuthenticationProvider', () => {

    it('redirects non-AJAX requests that can not be authenticated to the login page.', async () => {
      const authenticationResult = await provider.authenticate(
-        requestFixture({ path: '/some-path # that needs to be encoded' }),
+        requestFixture({ path: '/some-path # that needs to be encoded', basePath: '/s/foo' }),
        null
      );

      expect(authenticationResult.redirected()).to.be(true);
      expect(authenticationResult.redirectURL).to.be(
-        '/base-path/login?next=%2Fbase-path%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
+        '/base-path/login?next=%2Fs%2Ffoo%2Fsome-path%20%23%20that%20needs%20to%20be%20encoded'
      );
    });

--- a/x-pack/plugins/security/server/lib/authentication/providers/tests/saml.js
+++ b/x-pack/plugins/security/server/lib/authentication/providers/tests/saml.js
@ -40,7 +40,7 @@ describe('SAMLAuthenticationProvider', () => {
    });

    it('redirects non-AJAX request that can not be authenticated to the IdP.', async () => {
-      const request = requestFixture({ path: '/some-path' });
+      const request = requestFixture({ path: '/some-path', basePath: '/s/foo' });

      callWithInternalUser
        .withArgs('shield.samlPrepare')
@ -61,7 +61,7 @@ describe('SAMLAuthenticationProvider', () => {
      expect(authenticationResult.redirectURL).to.be('https://idp-host/path/login?SAMLRequest=some%20request%20');
      expect(authenticationResult.state).to.eql({
        requestId: 'some-request-id',
-        nextURL: `/test-base-path/some-path`
+        nextURL: `/s/foo/some-path`
      });
    });

@ -334,7 +334,7 @@ describe('SAMLAuthenticationProvider', () => {
    });

    it('initiates SAML handshake for non-AJAX requests if refresh token is used more than once.', async () => {
-      const request = requestFixture({ path: '/some-path' });
+      const request = requestFixture({ path: '/some-path', basePath: '/s/foo' });

      callWithInternalUser
        .withArgs('shield.samlPrepare')
@ -372,7 +372,7 @@ describe('SAMLAuthenticationProvider', () => {
      expect(authenticationResult.redirectURL).to.be('https://idp-host/path/login?SAMLRequest=some%20request%20');
      expect(authenticationResult.state).to.eql({
        requestId: 'some-request-id',
-        nextURL: `/test-base-path/some-path`
+        nextURL: `/s/foo/some-path`
      });
    });

@ -404,7 +404,7 @@ describe('SAMLAuthenticationProvider', () => {
    });

    it('initiates SAML handshake for non-AJAX requests if refresh token is expired.', async () => {
-      const request = requestFixture({ path: '/some-path' });
+      const request = requestFixture({ path: '/some-path', basePath: '/s/foo' });

      callWithInternalUser
        .withArgs('shield.samlPrepare')
@ -442,7 +442,7 @@ describe('SAMLAuthenticationProvider', () => {
      expect(authenticationResult.redirectURL).to.be('https://idp-host/path/login?SAMLRequest=some%20request%20');
      expect(authenticationResult.state).to.eql({
        requestId: 'some-request-id',
-        nextURL: `/test-base-path/some-path`
+        nextURL: `/s/foo/some-path`
      });
    });

--- a/x-pack/plugins/security/server/lib/authentication/providers/basic.js
+++ b/x-pack/plugins/security/server/lib/authentication/providers/basic.js
@ -55,7 +55,7 @@ export class BasicAuthenticationProvider {
      authenticationResult = await this._authenticateViaState(request, state);
    } else if (authenticationResult.notHandled() && canRedirectRequest(request)) {
      // If we couldn't handle authentication let's redirect user to the login page.
-      const nextURL = encodeURIComponent(`${this._options.basePath}${request.url.path}`);
+      const nextURL = encodeURIComponent(`${request.getBasePath()}${request.url.path}`);
      authenticationResult = AuthenticationResult.redirectTo(
        `${this._options.basePath}/login?next=${nextURL}`
      );
--- a/x-pack/plugins/security/server/lib/authentication/providers/saml.js
+++ b/x-pack/plugins/security/server/lib/authentication/providers/saml.js
@ -357,7 +357,7 @@ export class SAMLAuthenticationProvider {
      return AuthenticationResult.redirectTo(
        redirect,
        // Store request id in the state so that we can reuse it once we receive `SAMLResponse`.
-        { requestId, nextURL: `${this._options.basePath}${request.url.path}` }
+        { requestId, nextURL: `${request.getBasePath()}${request.url.path}` }
      );
    } catch (err) {
      this._options.log(['debug', 'security', 'saml'], `Failed to initiate SAML handshake: ${err.message}`);