AUTH-2902 redirect with just the root host on curl commands

Dalton · Dalton · commit ca7d6797e109 · 2020-07-21T11:08:31.000-05:00
diff --git a/cmd/cloudflared/token/token.go b/cmd/cloudflared/token/token.go
@@ -128,19 +128,19 @@ func isTokenLocked(lockFilePath string) bool {
 }
 
 // FetchTokenWithRedirect will either load a stored token or generate a new one
-// it appends a redirect URL to the access cli request if opening the browser
+// it appends the full url as the redirect URL to the access cli request if opening the browser
 func FetchTokenWithRedirect(appURL *url.URL, logger logger.Service) (string, error) {
-	return getToken(appURL, true, logger)
+	return getToken(appURL, false, logger)
 }
 
 // FetchToken will either load a stored token or generate a new one
-// it doesn't append a redirect URL to the access cli request if opening the browser
+// it appends the host of the appURL as the redirect URL to the access cli request if opening the browser
 func FetchToken(appURL *url.URL, logger logger.Service) (string, error) {
-	return getToken(appURL, false, logger)
+	return getToken(appURL, true, logger)
 }
 
 // getToken will either load a stored token or generate a new one
-func getToken(appURL *url.URL, shouldRedirect bool, logger logger.Service) (string, error) {
+func getToken(appURL *url.URL, useHostOnly bool, logger logger.Service) (string, error) {
 	if token, err := GetTokenIfExists(appURL); token != "" && err == nil {
 		return token, nil
 	}
@@ -166,7 +166,7 @@ func getToken(appURL *url.URL, shouldRedirect bool, logger logger.Service) (stri
 	// this weird parameter is the resource name (token) and the key/value
 	// we want to send to the transfer service. the key is token and the value
 	// is blank (basically just the id generated in the transfer service)
-	token, err := transfer.Run(appURL, keyName, keyName, "", path, true, shouldRedirect, logger)
+	token, err := transfer.Run(appURL, keyName, keyName, "", path, true, useHostOnly, logger)
 	if err != nil {
 		return "", err
 	}
diff --git a/cmd/cloudflared/transfer/transfer.go b/cmd/cloudflared/transfer/transfer.go
@@ -28,12 +28,12 @@ const (
 // The "dance" we refer to is building a HTTP request, opening that in a browser waiting for
 // the user to complete an action, while it long polls in the background waiting for an
 // action to be completed to download the resource.
-func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, shouldRedirect bool, logger logger.Service) ([]byte, error) {
+func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncrypt bool, useHostOnly bool, logger logger.Service) ([]byte, error) {
 	encrypterClient, err := encrypter.New("cloudflared_priv.pem", "cloudflared_pub.pem")
 	if err != nil {
 		return nil, err
 	}
-	requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt, shouldRedirect)
+	requestURL, err := buildRequestURL(transferURL, key, value+encrypterClient.PublicKey(), shouldEncrypt, useHostOnly)
 	if err != nil {
 		return nil, err
 	}
@@ -82,18 +82,18 @@ func Run(transferURL *url.URL, resourceName, key, value, path string, shouldEncr
 // BuildRequestURL creates a request suitable for a resource transfer.
 // it will return a constructed url based off the base url and query key/value provided.
 // cli will build a url for cli transfer request.
-func buildRequestURL(baseURL *url.URL, key, value string, cli, shouldRedirect bool) (string, error) {
+func buildRequestURL(baseURL *url.URL, key, value string, cli, useHostOnly bool) (string, error) {
 	q := baseURL.Query()
 	q.Set(key, value)
 	baseURL.RawQuery = q.Encode()
+	if useHostOnly {
+		baseURL.Path = ""
+	}
 	if !cli {
 		return baseURL.String(), nil
 	}
-
-	if shouldRedirect {
-		q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url and the main url
-	}
-	baseURL.RawQuery = q.Encode() // and this actual baseURL.
+	q.Set("redirect_url", baseURL.String()) // we add the token as a query param on both the redirect_url and the main url
+	baseURL.RawQuery = q.Encode()           // and this actual baseURL.
 	baseURL.Path = "cdn-cgi/access/cli"
 	return baseURL.String(), nil
 }
diff --git a/cmd/cloudflared/tunnel/login.go b/cmd/cloudflared/tunnel/login.go
@@ -40,7 +40,7 @@ func login(c *cli.Context) error {
 		return err
 	}
 
-	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, true, logger)
+	_, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, false, logger)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)
 		return err

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ func login(c *cli.Context) error {`
`40`	`40`	`return err`
`41`	`41`	`}`
`42`	`42`
`43`		`- _, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, true, logger)`
	`43`	`+ _, err = transfer.Run(loginURL, "cert", "callback", callbackStoreURL, path, false, false, logger)`
`44`	`44`	`if err != nil {`
`45`	`45`	`fmt.Fprintf(os.Stderr, "Failed to write the certificate due to the following error:\n%v\n\nYour browser will download the certificate instead. You will have to manually\ncopy it to the following path:\n\n%s\n", err, path)`
`46`	`46`	`return err`