
Commit c96fccb

committed
Explicitly redirect to login page from controller during lakectl login
releaseToken is _not_ part of the UI, and there is no implicit redirection there from middleware. Instead, redirect there from the controller.
1 parent 9a980e9 commit c96fccb

1 file changed

+22
-14
lines changed

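--- a/pkg/api/controller.go
+++ b/pkg/api/controller.go
@@ -944,8 +944,28 @@ func (c *Controller) ReleaseTokenToMailbox(w http.ResponseWriter, r *http.Reques
 
 c.LogAction(ctx, "release_token_to_mailbox", r, "", "", "")
 
+user, err := auth.GetUser(ctx)
+if err != nil {
+// This is typically called from a browser - send it to login, return here
+// after.
+c.Logger.
+WithContext(ctx).
+WithError(err).
+WithField("accept", r.Header.Get("Accept")).
+Debug("Failed to get user - redirect to login")
+redirectURL := url.URL{
+Path: fmt.Sprintf("/auth/login"),
+// TODO(ariels): Use a relative URI?
+RawQuery: fmt.Sprintf("next=%s", url.QueryEscape(r.URL.String())),
+}
+c.Logger.WithContext(ctx).WithField("redirect", redirectURL.String()).Info("[DEBUG] redirect")
+w.Header().Set("Location", redirectURL.String())
+w.WriteHeader(http.StatusTemporaryRedirect)
+return
+}
+
 // Release will release a token for the authenticated user.
-err := c.loginTokenProvider.Release(ctx, loginRequestToken)
+err = c.loginTokenProvider.Release(ctx, loginRequestToken)
 if c.handleAPIError(ctx, w, r, err) {
 return
 }
@@ -962,19 +982,7 @@ func (c *Controller) ReleaseTokenToMailbox(w http.ResponseWriter, r *http.Reques
 
 switch {
 case mediaType.EqualsMIME(textHTML):
-username := ""
-user, err := auth.GetUser(ctx)
-if err != nil {
-// Errors are safe here, at worst we won't tell user their name.
-c.Logger.
-WithContext(r.Context()).
-WithError(err).
-WithField("accept", r.Header.Get("Accept")).
-Warn("Failed to get user - they won't see their logged-in name on the page")
-}
-if user != nil {
-username = user.Username
-}
+username := user.Username
 // This endpoint is _usually_ visited by a browser. Report to the user that
 // they logged in, telling them the name they used to log in.
 httputil.KeepPrivate(w)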
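Review bot: The `Info("[DEBUG] redirect")` call in the first hunk looks like leftover debugging, and it writes the whole redirect URL to the log at Info level; that URL embeds `r.URL.String()`, which for this endpoint presumably carries the login request token, so the token would land in routine logs. I would drop the line, or keep only `Debug("redirect to login")` without the `redirect` field. The `next` value is copied from the request as-is, so the login handler (not visible here) has to accept only same-site relative paths; passing `r.URL.RequestURI()` instead of `r.URL.String()` would keep any scheme and host out of it and would settle the TODO. Separately, the second hunk now reads `user.Username` without the old `if user != nil` guard, which is safe only if `auth.GetUser` never returns a nil user together with a nil error. The body of ReleaseTokenToMailbox starts and ends outside both hunks.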
