Commit 5ba75d73 authored by Catalin Irimie's avatar Catalin Irimie

Update Geo OAuth redirect URI to use external primary URL

Because the internal URL is something internal to the Geo sites,
and the external URL is what users would access in the first place,
this updates the secondary login OAuth flow to always redirect users
to the external URL even if an internal URL is set for the primary.
parent b40a79e4
---
title: Update Geo OAuth redirect URI to use the external primary URL even when an
internal URL exists
merge_request: 58966
author:
type: fixed
...@@ -57,7 +57,7 @@ module Gitlab ...@@ -57,7 +57,7 @@ module Gitlab
end end
def oauth_authorization_url def oauth_authorization_url
Gitlab::Utils.append_path(Gitlab::Geo.primary_node.internal_url, AUTHORIZATION_PATH) Gitlab::Utils.append_path(Gitlab::Geo.primary_node.url, AUTHORIZATION_PATH)
end end
end end
end end
......
...@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Geo::Oauth::Session, :geo do ...@@ -17,7 +17,7 @@ RSpec.describe Gitlab::Geo::Oauth::Session, :geo do
describe '#authorized_url' do describe '#authorized_url' do
it 'returns a valid url to the primary node' do it 'returns a valid url to the primary node' do
expect(subject.authorize_url).to start_with(primary_node.internal_url) expect(subject.authorize_url).to start_with(primary_node.url)
end end
context 'secondary is configured with relative URL' do context 'secondary is configured with relative URL' do
...@@ -36,6 +36,15 @@ RSpec.describe Gitlab::Geo::Oauth::Session, :geo do ...@@ -36,6 +36,15 @@ RSpec.describe Gitlab::Geo::Oauth::Session, :geo do
expect(subject.authorize_url).not_to include('relative-path') expect(subject.authorize_url).not_to include('relative-path')
end end
end end
context 'primary is configured with a different internal URL' do
it 'uses the external URL for the authorize redirect' do
primary_node.update!(internal_url: 'http://internal-primary')
expect(subject.authorize_url).not_to include('internal-primary')
expect(subject.authorize_url).to start_with(primary_node.url)
end
end
end end
describe '#authenticate' do describe '#authenticate' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment