Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Redirect redirect requests if they arrive on the wrong URI
Browse files Browse the repository at this point in the history
  • Loading branch information
richvdh committed Feb 18, 2021
1 parent 626afd7 commit 5ee8a1c
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions synapse/rest/client/v1/login.py
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,7 @@ def __init__(self, hs: "HomeServer"):
hs.get_oidc_handler()
self._sso_handler = hs.get_sso_handler()
self._msc2858_enabled = hs.config.experimental.msc2858_enabled
self._public_baseurl = hs.config.public_baseurl

def register(self, http_server: HttpServer) -> None:
super().register(http_server)
Expand All @@ -373,6 +374,28 @@ def register(self, http_server: HttpServer) -> None:
async def on_GET(
self, request: SynapseRequest, idp_id: Optional[str] = None
) -> None:
if not self._public_baseurl:
raise SynapseError(400, "SSO requires a valid public_baseurl")

# if this isn't the expected hostname, redirect to the right one, so that we
# get our cookies back.
requested_uri = b"%s://%s%s" % (
b"https" if request.isSecure() else b"http",
request.getHeader(b"host"),
request.uri,
)
baseurl_bytes = self._public_baseurl.encode("utf-8")
if not requested_uri.startswith(baseurl_bytes):
i = requested_uri.index(b"/_matrix")
new_uri = baseurl_bytes[:-1] + requested_uri[i:]
logger.info(
"Requested URI %s is not canonical: redirecting to %s",
requested_uri.decode("utf-8", errors="replace"),
new_uri.decode("utf-8", errors="replace"),
)
request.redirect(new_uri)
finish_request(request)

client_redirect_url = parse_string(
request, "redirectUrl", required=True, encoding=None
)
Expand Down

0 comments on commit 5ee8a1c

Please sign in to comment.