
Commit 91a230f

Explicitly redirect to login page from controller during lakectl login
releaseToken is _not_ part of the UI, and there is no implicit redirection there from middleware. Instead, redirect there from the controller.
1 parent 9f90cc8 commit 91a230f


1 file changed

+22
-14
lines changed


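--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -927,8 +927,28 @@ func (c *Controller) ReleaseTokenToMailbox(w http.ResponseWriter, r *http.Reques
 
 c.LogAction(ctx, "release_token_to_mailbox", r, "", "", "")
 
+user, err := auth.GetUser(ctx)
+if err != nil {
+// This is typically called from a browser - send it to login, return here
+// after.
+c.Logger.
+WithContext(ctx).
+WithError(err).
+WithField("accept", r.Header.Get("Accept")).
+Debug("Failed to get user - redirect to login")
+redirectURL := url.URL{
+Path: fmt.Sprintf("/auth/login"),
+// TODO(ariels): Use a relative URI?
+RawQuery: fmt.Sprintf("next=%s", url.QueryEscape(r.URL.String())),
+}
+c.Logger.WithContext(ctx).WithField("redirect", redirectURL.String()).Info("[DEBUG] redirect")
+w.Header().Set("Location", redirectURL.String())
+w.WriteHeader(http.StatusTemporaryRedirect)
+return
+}
+
 // Release will release a token for the authenticated user.
-err := c.loginTokenProvider.Release(ctx, loginRequestToken)
+err = c.loginTokenProvider.Release(ctx, loginRequestToken)
 if c.handleAPIError(ctx, w, r, err) {
 return
 }
@@ -945,19 +965,7 @@ func (c *Controller) ReleaseTokenToMailbox(w http.ResponseWriter, r *http.Reques
 
 switch {
 case mediaType.EqualsMIME(textHTML):
-username := ""
-user, err := auth.GetUser(ctx)
-if err != nil {
-// Errors are safe here, at worst we won't tell user their name.
-c.Logger.
-WithContext(r.Context()).
-WithError(err).
-WithField("accept", r.Header.Get("Accept")).
-Warn("Failed to get user - they won't see their logged-in name on the page")
-}
-if user != nil {
-username = user.Username
-}
+username := user.Username
 // This endpoint is _usually_ visited by a browser. Report to the user that
 // they logged in, telling them the name they used to log in.
 httputil.KeepPrivate(w)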
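Review bot: The `next` value in the new redirect block is taken from `r.URL.String()`, and for server requests net/http leaves the scheme and host of `r.URL` empty only for most requests, so an absolute-form request line could put a full external URL into `next`. Whether that becomes an open redirect depends on how `/auth/login` validates `next`, which is not visible here; building it from path and query alone, `next := (&url.URL{Path: r.URL.Path, RawQuery: r.URL.RawQuery}).String()`, and having the login side reject anything that is not a single-slash local path would settle the TODO. The `Info("[DEBUG] redirect")` line looks like leftover debugging and writes that URL to the log at Info level; if the request path carries the login request token (inferred, since the signature is truncated in the hunk header), the line should be dropped or lowered to Debug without the URL. The second hunk also drops the old `user != nil` guard before `user.Username`, which is safe only if `auth.GetUser` never returns a nil user together with a nil error. The body of ReleaseTokenToMailbox starts and ends outside both hunks.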
