outposts/proxy: Fix invalid redirect on external hosts containing path components

[GermanCoding]

Details

I was trying to setup a proxy provider (proxy mode, not forwarding) with an outpost. I'm using an external host that contains a path component, like this:

External Host: https://example.com/myApp

This generally works nicely with authentik, except for the login. Assume my webbrowser is currently on https://example.com/myApp/resourceA and the proxy detects that the user needs to (re-)login. Now, what happens is that after the login has completed, you get redirected back to https://example.com/resourceA. The path component myApp is simply cut off, which then causes 404 errors in my app (since that URL doesn't exist).

The reason for this misbehavior is the urlPathSet() function, which completely removes any path components set by the external host setting. This is apparently only done in one place (redirectToStart()) and no where else. It also seems to be unnecessary - why can't we simply join the base (the external host) and the target URL? This works just as before, but without the issue created by cutting off parts of the URL.

I also modernized the urlJoin function to use modern golang functions. The benefit is that the url.JoinPath() is smarter than path.Join() - for example, path.Join cuts off trailing slashes, which might be problematic for URLs. url.JoinPath() knows this and doesn't do this.

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	346f004
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/65f9e30822972900088b519c
😎 Deploy Preview	https://deploy-preview-8915--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	346f004
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/65f9e308f8ad9e0008d1d580
😎 Deploy Preview	https://deploy-preview-8915--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[GermanCoding]

Sorry, looks like I missed that test case. I changed it to match the new logic.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.33%. Comparing base (cef1d2d) to head (346f004).
Report is 369 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff             @@
##             main    #8915       +/-   ##
===========================================
+ Coverage   46.62%   92.33%   +45.70%     
===========================================
  Files         626      640       +14     
  Lines       30996    31552      +556     
===========================================
+ Hits        14451    29132    +14681     
+ Misses      16545     2420    -14125     

Flag	Coverage Δ
e2e	50.48% <ø> (+5.76%)	⬆️
integration	26.09% <ø> (+0.10%)	⬆️
unit	89.67% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.