fix: block login behind certain proxies

Author: cavefire

custom_components/openid/authorize.js

@@ -12,7 +12,12 @@ window.fetch = async (...args) => {
   window.fetch = originalFetch;
 
   const responseBody = await response.clone().json();
-  console.log('Response from /auth/login_flow:', responseBody);
+
+  if (responseBody.block_login) {
+    console.info('Home Assistant login methods are blocked by hass-openid. Redirecting to OpenID login.');
+    redirect_openid_login();
+    return response;
+  }
 
   const authFlow = document.getElementsByClassName('card-content')[0];
 
@@ -21,15 +26,7 @@ window.fetch = async (...args) => {
   listItemNode.setAttribute('hasmeta', '');
   listItemNode.setAttribute('mwc-list-item', '');
   listItemNode.innerHTML = 'OpenID / OAuth2 Authentication <ha-icon-next slot="meta"></ha-icon-next>';
-  listItemNode.onclick = () => {
-    const urlParams = new URLSearchParams(window.location.search);
-    const clientId = encodeURIComponent(urlParams.get('client_id'));
-    const redirectUri = encodeURIComponent(urlParams.get('redirect_uri'));
-    const baseUrl = window.location.origin;
-
-    const encodedUrl = encodeURIComponent(`/auth/openid/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&base_url=${baseUrl}`);
-    window.location.href = decodeURIComponent(encodedUrl);
-  };
+  listItemNode.onclick = redirect_openid_login;
 
   listNode.appendChild(listItemNode);
   authFlow.append(listNode);
@@ -48,3 +45,13 @@ window.fetch = async (...args) => {
 
   return response;
 };
+
+function redirect_openid_login() {
+  const urlParams = new URLSearchParams(window.location.search);
+  const clientId = encodeURIComponent(urlParams.get('client_id'));
+  const redirectUri = encodeURIComponent(urlParams.get('redirect_uri'));
+  const baseUrl = window.location.origin;
+
+  const encodedUrl = encodeURIComponent(`/auth/openid/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&base_url=${baseUrl}`);
+  window.location.href = decodeURIComponent(encodedUrl);
+}

custom_components/openid/http_helper.py

@@ -4,9 +4,8 @@
 import json
 import logging
 
-from aiohttp.web import HTTPFound, Request, Response
+from aiohttp.web import Request, Response
 
-from homeassistant.const import CONF_CLIENT_ID
 from homeassistant.core import HomeAssistant
 
 from .const import CONF_BLOCK_LOGIN, DOMAIN
@@ -28,6 +27,7 @@ async def get(request: Request) -> Response:
             "last_step": None,
             "preview": None,
             "step_id": "init",
+            "block_login": hass.data[DOMAIN].get(CONF_BLOCK_LOGIN, False),
         }
 
         return Response(
@@ -52,17 +52,6 @@ def override_authorize_route(hass: HomeAssistant) -> None:
     """Patch the built-in /auth/authorize page to load our JS helper."""
 
     async def get(request: Request) -> Response:
-        if hass.data[DOMAIN].get(CONF_BLOCK_LOGIN, False):
-            get_params = request.rel_url.query
-            client_id = get_params.get(CONF_CLIENT_ID)
-            redirect_uri = get_params.get("redirect_uri", "/")
-
-            return HTTPFound(
-                location=str(
-                    f"/auth/openid/authorize?client_id={client_id}&redirect_uri={redirect_uri}"
-                )
-            )
-
         content = hass.data[DOMAIN]["authorize_template"]
 
         # Inject script before </head>

custom_components/openid/manifest.json

@@ -11,5 +11,5 @@
   "iot_class": "cloud_polling",
   "issue_tracker": "https://github.com/cavefire/hass-openid/issues",
   "requirements": [],
-  "version": "1.1.2"
+  "version": "1.1.6"
 }