Log in with OIDC not work with MINIO_DOMAIN (#8558) (#8559)

2019-11-22 04:45:15 +03:00 · 2019-11-22 04:45:15 +03:00 · 06bd1e582a
parent fb43d64dc3
commit 06bd1e582a
1 changed files with 12 additions and 1 deletions
--- a/cmd/generic-handlers.go
+++ b/cmd/generic-handlers.go
@ -152,6 +152,7 @@ func containsReservedMetadata(header http.Header) bool {
 const (
 	minioReservedBucket     = "minio"
 	minioReservedBucketPath = SlashSeparator + minioReservedBucket
+	loginPathPrefix         = SlashSeparator + "login"
 )

 // Adds redirect rules for incoming requests.
@ -279,6 +280,16 @@ func isAdminReq(r *http.Request) bool {
 	return strings.HasPrefix(r.URL.Path, adminPathPrefix)
 }

+// guessIsLoginSTSReq - returns true if incoming request is Login STS user
+func guessIsLoginSTSReq(req *http.Request) bool {
+	if req == nil {
+		return false
+	}
+	return strings.HasPrefix(req.URL.Path, loginPathPrefix) ||
+		(req.Method == http.MethodPost && req.URL.Path == SlashSeparator &&
+			getRequestAuthType(req) == authTypeSTS)
+}
+
 // Adds verification for incoming paths.
 type minioReservedBucketHandler struct {
 	handler http.Handler
@ -608,7 +619,7 @@ type bucketForwardingHandler struct {
 func (f bucketForwardingHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if globalDNSConfig == nil || len(globalDomainNames) == 0 ||
 		guessIsHealthCheckReq(r) || guessIsMetricsReq(r) ||
-		guessIsRPCReq(r) || isAdminReq(r) {
+		guessIsRPCReq(r) || guessIsLoginSTSReq(r) || isAdminReq(r) {
 		f.handler.ServeHTTP(w, r)
 		return
 	}