From 3b3b646ec4e33cfc3190d9fb4cc891333bdad929 Mon Sep 17 00:00:00 2001 From: Arnav Palnitkar Date: Wed, 11 May 2022 13:46:43 -0700 Subject: [PATCH 1/5] Fix OIDC callback query params - Value of namespace was getting stripped from the state query param - Used native URL search param api to fetch the values --- ui/app/routes/vault/cluster/oidc-callback.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/ui/app/routes/vault/cluster/oidc-callback.js b/ui/app/routes/vault/cluster/oidc-callback.js index c26ac6e553ca..6bd992f8dcee 100644 --- a/ui/app/routes/vault/cluster/oidc-callback.js +++ b/ui/app/routes/vault/cluster/oidc-callback.js @@ -6,7 +6,18 @@ export default Route.extend({ // left blank so we render the template immediately }, afterModel() { - let { auth_path: path, code, state } = this.paramsFor(this.routeName); + let queryString = window.location.search; + // Check if url is encoded + if (this.containsEncodedComponents(queryString)) { + queryString = decodeURIComponent(queryString); + } + // Since state param can also contain namespace, fetch the values using native url api. + // For instance, state params value can be state=st_123456,ns=d4fq + // Ember paramsFor used to strip out the value after the "=" sign. In short ns value was not being passed along. + let urlParams = new URLSearchParams(queryString); + let state = urlParams.get('state'), + code = urlParams.get('code'); + let { auth_path: path } = this.paramsFor(this.routeName); let { namespaceQueryParam: namespace } = this.paramsFor('vault.cluster'); path = window.decodeURIComponent(path); const source = 'oidc-callback'; // required by event listener in auth-jwt component @@ -17,4 +28,8 @@ export default Route.extend({ this._super(...arguments); controller.set('pageContainer', document.querySelector('.page-container')); }, + // Helper function to check if url is encoded + containsEncodedComponents(x) { + return decodeURI(x) !== decodeURIComponent(x); + }, }); From ddbe12031ad570ba842c9941f2a7d2bb93ae2d35 Mon Sep 17 00:00:00 2001 From: Arnav Palnitkar Date: Wed, 11 May 2022 13:51:31 -0700 Subject: [PATCH 2/5] Add changelog --- changelog/15378.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelog/15378.txt diff --git a/changelog/15378.txt b/changelog/15378.txt new file mode 100644 index 000000000000..453f41b55003 --- /dev/null +++ b/changelog/15378.txt @@ -0,0 +1,3 @@ +```release-note:bug +ui: fix OIDC callback query params +``` \ No newline at end of file From 8d1fe4d033b0cac718121dc8229b716069d53cf9 Mon Sep 17 00:00:00 2001 From: Arnav Palnitkar Date: Wed, 11 May 2022 14:41:46 -0700 Subject: [PATCH 3/5] Remove unnecessary check for url encoding --- ui/app/routes/vault/cluster/oidc-callback.js | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/ui/app/routes/vault/cluster/oidc-callback.js b/ui/app/routes/vault/cluster/oidc-callback.js index 6bd992f8dcee..a3b413f5cb3e 100644 --- a/ui/app/routes/vault/cluster/oidc-callback.js +++ b/ui/app/routes/vault/cluster/oidc-callback.js @@ -6,11 +6,7 @@ export default Route.extend({ // left blank so we render the template immediately }, afterModel() { - let queryString = window.location.search; - // Check if url is encoded - if (this.containsEncodedComponents(queryString)) { - queryString = decodeURIComponent(queryString); - } + const queryString = decodeURIComponent(window.location.search); // Since state param can also contain namespace, fetch the values using native url api. // For instance, state params value can be state=st_123456,ns=d4fq // Ember paramsFor used to strip out the value after the "=" sign. In short ns value was not being passed along. @@ -28,8 +24,4 @@ export default Route.extend({ this._super(...arguments); controller.set('pageContainer', document.querySelector('.page-container')); }, - // Helper function to check if url is encoded - containsEncodedComponents(x) { - return decodeURI(x) !== decodeURIComponent(x); - }, }); From 81f70db51e356395028bd01f3f68403c6a800bcd Mon Sep 17 00:00:00 2001 From: Arnav Palnitkar Date: Fri, 13 May 2022 09:29:26 -0700 Subject: [PATCH 4/5] Extract ns value and pass as namespace param --- ui/app/routes/vault/cluster/oidc-callback.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/ui/app/routes/vault/cluster/oidc-callback.js b/ui/app/routes/vault/cluster/oidc-callback.js index a3b413f5cb3e..27a2f3b58385 100644 --- a/ui/app/routes/vault/cluster/oidc-callback.js +++ b/ui/app/routes/vault/cluster/oidc-callback.js @@ -12,12 +12,22 @@ export default Route.extend({ // Ember paramsFor used to strip out the value after the "=" sign. In short ns value was not being passed along. let urlParams = new URLSearchParams(queryString); let state = urlParams.get('state'), - code = urlParams.get('code'); + code = urlParams.get('code'), + ns; + if (state.includes(',ns=')) { + let arrayParams = state.split(',ns='); + state = arrayParams[0]; + ns = arrayParams[1]; + } let { auth_path: path } = this.paramsFor(this.routeName); let { namespaceQueryParam: namespace } = this.paramsFor('vault.cluster'); path = window.decodeURIComponent(path); const source = 'oidc-callback'; // required by event listener in auth-jwt component let queryParams = { source, namespace, path, code, state }; + // If state had ns value, send it as part of namespace param + if (ns) { + queryParams.namespace = ns; + } window.opener.postMessage(queryParams, window.origin); }, setupController(controller) { From 2c62a1623d77ba3eba29f87656adb134f40f5f84 Mon Sep 17 00:00:00 2001 From: Arnav Palnitkar Date: Fri, 13 May 2022 09:44:33 -0700 Subject: [PATCH 5/5] Update changelog --- changelog/15378.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changelog/15378.txt b/changelog/15378.txt index 453f41b55003..bb752e6914c1 100644 --- a/changelog/15378.txt +++ b/changelog/15378.txt @@ -1,3 +1,3 @@ -```release-note:bug -ui: fix OIDC callback query params +```release-note:improvement +ui: Allow namespace param to be parsed from state queryParam ``` \ No newline at end of file