mirror of https://github.com/coder/coder.git
fix: redirect unauthorized git users to login screen (#10995)
* fix: redirect to login screen if unauthorized git user * consolidated language * fix redirect
parent
5d2e87f1a7
commit
091fdd6761
|
@ -538,3 +538,18 @@ func RedirectToLogin(rw http.ResponseWriter, r *http.Request, dashboardURL *url.
|
|||
// (like temporary redirect does).
|
||||
http.Redirect(rw, r, u.String(), http.StatusSeeOther)
|
||||
}
|
||||
|
||||
// CustomRedirectToLogin redirects the user to the login page with the `message` and
|
||||
// `redirect` query parameters set, with a provided code
|
||||
func CustomRedirectToLogin(rw http.ResponseWriter, r *http.Request, redirect string, message string, code int) {
|
||||
q := url.Values{}
|
||||
q.Add("message", message)
|
||||
q.Add("redirect", redirect)
|
||||
|
||||
u := &url.URL{
|
||||
Path: "/login",
|
||||
RawQuery: q.Encode(),
|
||||
}
|
||||
|
||||
http.Redirect(rw, r, u.String(), code)
|
||||
}
|
||||
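Review bot: `CustomRedirectToLogin` hands `code` to `http.Redirect` unchecked, and its comment does not say that the code has to be a 3xx status. The call sites added in the `userOAuth2Github` hunks pass `http.StatusUnauthorized`; a browser does not follow a `Location` header on a 401, so the user would stay on the OAuth callback response instead of reaching the login page with the message. Those call sites should pass a redirect status, for example `http.StatusSeeOther` as `RedirectToLogin` does just above. The constraint could be documented on the function with `// code must be a 3xx status; browsers ignore Location on any other response`.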
|
|
|
@ -510,6 +510,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
|
|||
|
||||
var selectedMemberships []*github.Membership
|
||||
var organizationNames []string
|
||||
redirect := state.Redirect
|
||||
if !api.GithubOAuth2Config.AllowEveryone {
|
||||
memberships, err := api.GithubOAuth2Config.ListOrganizationMemberships(ctx, oauthClient)
|
||||
if err != nil {
|
||||
|
@ -535,9 +536,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
if len(selectedMemberships) == 0 {
|
||||
httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
|
||||
Message: "You aren't a member of the authorized Github organizations!",
|
||||
})
|
||||
httpmw.CustomRedirectToLogin(rw, r, redirect, "You aren't a member of the authorized Github organizations!", http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -574,9 +573,7 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
if allowedTeam == nil {
|
||||
httpapi.Write(ctx, rw, http.StatusUnauthorized, codersdk.Response{
|
||||
Message: fmt.Sprintf("You aren't a member of an authorized team in the %v Github organization(s)!", organizationNames),
|
||||
})
|
||||
httpmw.CustomRedirectToLogin(rw, r, redirect, fmt.Sprintf("You aren't a member of an authorized team in the %v Github organization(s)!", organizationNames), http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
@ -658,7 +655,6 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
|
|||
http.SetCookie(rw, cookie)
|
||||
}
|
||||
|
||||
redirect := state.Redirect
|
||||
if redirect == "" {
|
||||
redirect = "/"
|
||||
}
|
||||
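Review bot: `redirect` is now read from `state.Redirect` ahead of the membership checks and forwarded to the login page on both failure paths, before the `redirect == ""` default further down applies, and nothing in these hunks constrains it to a same-origin path. If the OAuth state value is not validated where it is first stored (not visible here), the unauthorized path would carry a caller-chosen post-login destination into `/login?redirect=…`. It is worth confirming that such validation exists upstream, or normalising the value at this point so that anything carrying a scheme or host falls back to `/`. The body of `userOAuth2Github` starts and ends outside these hunks.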
|
|
|
@ -24,7 +24,7 @@ export const LoginPageView: FC<LoginPageViewProps> = ({
|
|||
const redirectTo = retrieveRedirect(location.search);
|
||||
// This allows messages to be displayed at the top of the sign in form.
|
||||
// Helpful for any redirects that want to inform the user of something.
|
||||
const info = new URLSearchParams(location.search).get("info") || undefined;
|
||||
const message = new URLSearchParams(location.search).get("message");
|
||||
const applicationName = getApplicationName();
|
||||
const logoURL = getLogoURL();
|
||||
const applicationLogo = logoURL ? (
|
||||
|
@ -52,7 +52,7 @@ export const LoginPageView: FC<LoginPageViewProps> = ({
|
|||
redirectTo={redirectTo}
|
||||
isSigningIn={isSigningIn}
|
||||
error={error}
|
||||
info={info}
|
||||
message={message}
|
||||
onSubmit={onSignIn}
|
||||
/>
|
||||
<footer css={styles.footer}>
|
||||
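Review bot: `message` is read from `location.search` and passed unchanged to the sign-in form, so any link of the form `/login?message=…` can place arbitrary text in an alert on the trusted login page. React escapes the string, so this is content spoofing rather than script injection. The render condition in `SignInForm` no longer requires `error` to be set, so the text now appears whenever the parameter is present. Consider sending a short message key and mapping it to fixed strings in the client, or at minimum capping the length of what is displayed.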
|
|
|
@ -1,5 +1,5 @@
|
|||
import { type Interpolation, type Theme } from "@emotion/react";
|
||||
import { type FC } from "react";
|
||||
import { ReactNode, type FC } from "react";
|
||||
import type { AuthMethods } from "api/typesGenerated";
|
||||
import { PasswordSignInForm } from "./PasswordSignInForm";
|
||||
import { OAuthSignInForm } from "./OAuthSignInForm";
|
||||
|
@ -63,7 +63,7 @@ export interface SignInFormProps {
|
|||
isSigningIn: boolean;
|
||||
redirectTo: string;
|
||||
error?: unknown;
|
||||
info?: string;
|
||||
message?: ReactNode;
|
||||
authMethods?: AuthMethods;
|
||||
onSubmit: (credentials: { email: string; password: string }) => void;
|
||||
}
|
||||
|
@ -73,7 +73,7 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
|
|||
redirectTo,
|
||||
isSigningIn,
|
||||
error,
|
||||
info,
|
||||
message,
|
||||
onSubmit,
|
||||
}) => {
|
||||
const oAuthEnabled = Boolean(
|
||||
|
@ -91,9 +91,9 @@ export const SignInForm: FC<React.PropsWithChildren<SignInFormProps>> = ({
|
|||
</div>
|
||||
)}
|
||||
|
||||
{Boolean(info) && Boolean(error) && (
|
||||
{message && (
|
||||
<div css={styles.alert}>
|
||||
<Alert severity="info">{info}</Alert>
|
||||
<Alert severity="info">{message}</Alert>
|
||||
</div>
|
||||
)}
|
||||
|
||||
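Review bot: `message` is typed `ReactNode`, yet the only producer visible in this commit is the `message` query parameter, which is plain text. `message?: string` (with `?? undefined` at the call site in `LoginPageView`) would keep the prop's contract to escaped text and stop a later caller from passing markup assembled from URL input. If `ReactNode` stays, the import should be type-only like its neighbours: `import { type ReactNode, type FC } from "react";`. With a `ReactNode`, the guard `{message && (` also renders a bare `0` for a numeric zero, which a string prop checked with `Boolean(message)` avoids.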
|
|
|
@ -62,7 +62,7 @@ export const useSingleSignOnSection = () => {
|
|||
// The redirect on success should be back to the login page with a nice message.
|
||||
// The user should be logged out if this worked.
|
||||
encodeURIComponent(
|
||||
`/login?info=Login type has been changed to ${loginTypeMsg}. Log in again using the new method.`,
|
||||
`/login?message=Login type has been changed to ${loginTypeMsg}. Log in again using the new method.`,
|
||||
),
|
||||
);
|
||||
},
|
||||
|
|