cleanup old redirect logic

iQQBot · iQQBot · commit 1bf86ee071b2 · 2025-07-29T17:54:36.000Z
diff --git a/components/server/src/auth/generic-auth-provider.ts b/components/server/src/auth/generic-auth-provider.ts
@@ -302,14 +302,6 @@ export abstract class GenericAuthProvider implements AuthProvider {
             return;
         }
 
-        if (!this.loginCompletionHandler.isBaseDomain(request)) {
-            // For auth requests that are not targetting the base domain, we redirect to the base domain, so they come with our cookie.
-            log.info(`(${strategyName}) Auth request on subdomain, redirecting to base domain`, { clientInfo });
-            const target = new URL(request.url, this.config.hostUrl.url.toString()).toString();
-            response.redirect(target);
-            return;
-        }
-
         if (isAlreadyLoggedIn) {
             if (!authFlow) {
                 log.warn(
diff --git a/components/server/src/auth/login-completion-handler.ts b/components/server/src/auth/login-completion-handler.ts
@@ -86,25 +86,6 @@ export class LoginCompletionHandler {
             );
         }
 
-        if (!this.isBaseDomain(request)) {
-            // (GitHub edge case) If we got redirected here onto a sub-domain (e.g. api.gitpod.io), we need to redirect to the base domain in order to Set-Cookie properly.
-            const secret = crypto
-                .createHash("sha256")
-                .update(user.id + this.config.session.secret)
-                .digest("hex");
-            const expirationDate = new Date(Date.now() + 1000 * 60); // 1 minutes
-            const token = await this.otsServer.serveToken({}, secret, expirationDate);
-
-            reportLoginCompleted("succeeded_via_ots", "git");
-            log.info(
-                logContext,
-                `User will be logged in via OTS on the base domain. (Indirect) redirect to: ${returnTo}`,
-            );
-            const baseDomainRedirect = this.config.hostUrl.asLoginWithOTS(user.id, token.token, returnTo).toString();
-            response.redirect(baseDomainRedirect);
-            return;
-        }
-
         // (default case) If we got redirected here onto the base domain of the Gitpod installation, we can just issue the cookie right away.
         const cookie = await this.session.createJWTSessionCookie(user.id);
         response.cookie(cookie.name, cookie.value, cookie.opts);
@@ -116,10 +97,6 @@ export class LoginCompletionHandler {
         response.redirect(returnTo);
     }
 
-    public isBaseDomain(req: express.Request): boolean {
-        return req.hostname === this.config.hostUrl.url.hostname;
-    }
-
     public async updateAuthProviderAsVerified(hostname: string, user: User) {
         const hostCtx = this.hostContextProvider.get(hostname);
         log.info("Updating auth provider as verified", { hostname });
