Use variable request_uri as redirect after auth

[aledbf]

No description provided.

[k8s-reviewable]

This change is 

[coveralls]

Coverage increased (+0.01%) to 44.687% when pulling ca2733ca6a44c48d0ec89c3527f49d296d77273e on aledbf:oauth2-auth into edb1c69 on kubernetes:master.

[coveralls]

Coverage decreased (-0.03%) to 44.661% when pulling 91d8adce2b4ff1248873f33aa8129b70ccc64df0 on aledbf:oauth2-auth into f1598b3 on kubernetes:master.

[coveralls]

Coverage decreased (-0.01%) to 44.687% when pulling 5e08600 on aledbf:oauth2-auth into 015ef8d on kubernetes:master.

[aledbf]

I believe the two lines above should allow to return a cookie from auth backend to the sign-in url.
Unfortunately, this doesn't work.

Please make sure you are using the $host variable. It's not possible to use cookies from another domain

This passes query string to the sing-in url. What if the sign-url already contains query string? Wouldn't there be multiple "?" marks?

This is fixed in master.

[xeor]

The ? breaks my setup using bitly/oauth2_proxy.
In the callback request, I can see the cookie being set correctly, but for some reason, the browser doesn't set it.

Example, the callbacks will be:

• .11: https://my.domain/oauth2/callback?state=abc:/&code=4/zyx
• .12: https://my.domain/oauth2/callback?state=abc:/oauth2/sign_in?rd%3D/&code=4/zyx

So, state will be abc:/oauth2/sign_in?rd=/ on .12, which is probably why it doesn't work..

Can't find the fix in master? Will we need to hold back to .13 if we use oauth_proxy (or similar)?

[georgecrawford]

I'm not sure what my issue is, but it looks related. With .12 or higher, I see this redirect loop:

1. https://MY_K8S_DASHBOARD_URL
    - 302 to https://MY_K8S_DASHBOARD_URL/oauth2/sign_in?rd=/

2. https://MY_K8S_DASHBOARD_URL/oauth2/sign_in?rd=/
    - displays "Sign in with a GitLab account" button, which loads:

3. https://MY_K8S_DASHBOARD_URL/oauth2/start?rd=%2Foauth2%2Fsign_in%3Frd%3D%2F
    - 302 to https://MY_GITLAB_URL/oauth/authorize?approval_prompt=force&client_id=GITLAB_CLIENT_ID&redirect_uri=https%3A%2F%2FMY_K8S_DASHBOARD_URL%2Foauth2%2Fcallback&response_type=code&scope=api&state=STATE_PARAM%3A%2Foauth2%2Fsign_in%3Frd%3D%2F

4. https://MY_GITLAB_URL/oauth/authorize?approval_prompt=force&client_id=GITLAB_CLIENT_ID&redirect_uri=https%3A%2F%2FMY_K8S_DASHBOARD_URL%2Foauth2%2Fcallback&response_type=code&scope=api&state=STATE_PARAM%3A%2Foauth2%2Fsign_in%3Frd%3D%2F
    - 302 to https://MY_K8S_DASHBOARD_URL/oauth2/callback?code=CODE_PARAM&state=STATE_PARAM%3A%2Foauth2%2Fsign_in%3Frd%3D%2F

5. https://MY_K8S_DASHBOARD_URL/oauth2/callback?code=CODE_PARAM&state=STATE_PARAM%3A%2Foauth2%2Fsign_in%3Frd%3D%2F
    - 302 to /oauth2/sign_in?rd=/
    - set-cookie:_oauth2_proxy=COOKIE_STRING; Path=/; Domain=MY_K8S_DASHBOARD_URL; Expires=Sat, 16 Sep 2017 11:01:31 GMT; HttpOnly; Secure

6. https://MY_K8S_DASHBOARD_URL/oauth2/sign_in?rd=/
    - 200 OK
    - page again shows the "Sign in with a GitLab account" button from step 2

.11 works fine.

[marcusramberg]

This change breaks for me too.