From 63f3b610ec3385b34515dccb33296f9f328e8368 Mon Sep 17 00:00:00 2001
From: Tim Dithmer
Date: Fri, 15 Nov 2024 14:38:30 +0100
Subject: [PATCH] Fix missing /auth/login prefix with oauth provider and use redirect url from config if existing

---
 internal/app/auth/auth.go | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/internal/app/auth/auth.go b/internal/app/auth/auth.go
index 89637c6..c8f8c61 100644
--- a/internal/app/auth/auth.go
+++ b/internal/app/auth/auth.go
@@ -6,14 +6,15 @@ import (
 "encoding/base64"
 "errors"
 "fmt"
- "github.com/h44z/wg-portal/internal/app"
- "github.com/sirupsen/logrus"
 "io"
 "net/url"
 "path"
 "strings"
 "time"
 
+ "github.com/h44z/wg-portal/internal/app"
+ "github.com/sirupsen/logrus"
+
 "github.com/coreos/go-oidc/v3/oidc"
 evbus "github.com/vardius/message-bus"
 
@@ -88,8 +89,19 @@ func (a *Authenticator) setupExternalAuthProviders(ctx context.Context) error {
 return fmt.Errorf("auth provider with name %s is already registerd", providerId)
 }
 
- redirectUrl := *extUrl
- redirectUrl.Path = path.Join(redirectUrl.Path, "/auth/login/", providerId, "/callback")
+ var redirectUrl url.URL
+ if providerCfg.RedirectURL != "" {
+ configRedirectUrl, err := url.Parse(providerCfg.RedirectURL)
+ if err != nil {
+ return fmt.Errorf("failed to parse redirect Url from oauth authentication provider config of %s: %w", providerId, err)
+ }
+
+ redirectUrl = *configRedirectUrl
+ } else {
+ // TODO: Fix bug that e.g. microsoft entra ID wants an absolute uri
+ redirectUrl = *extUrl
+ redirectUrl.Path = path.Join(redirectUrl.Path, "/auth/login/", providerId, "/callback")
+ }
 
 provider, err := newPlainOauthAuthenticator(ctx, redirectUrl.String(), providerCfg)
 if err != nil {
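Review bot: `url.Parse` accepts relative and scheme-less input, so a configured `RedirectURL` such as `portal.example.com/auth/login/x/callback` (constructed example) parses without error and is handed to `newPlainOauthAuthenticator` as the redirect URI. Because the redirect URI is where the provider delivers the authorization code, the new branch in `setupExternalAuthProviders` should reject anything that is not absolute right after the parse, e.g. `if !configRedirectUrl.IsAbs() || configRedirectUrl.Host == "" { return fmt.Errorf("redirect url of auth provider %s must be absolute", providerId) }`. It may also be worth checking that the configured path ends in the `/auth/login/<provider>/callback` route the portal serves, otherwise the override silently points the flow at an endpoint that cannot complete it. Only the plain OAuth loop is visible in this hunk; if an OIDC loop exists further down in the function it presumably needs the same handling.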
@@ -141,8 +153,8 @@ func (a *Authenticator) GetExternalLoginProviders(_ context.Context) []domain.Lo
 authProviders = append(authProviders, domain.LoginProviderInfo{
 Identifier: providerId,
 Name: providerName,
- ProviderUrl: fmt.Sprintf("%s/%s/init", a.cfg.CallbackUrlPrefix, providerId),
- CallbackUrl: fmt.Sprintf("%s/%s/callback", a.cfg.CallbackUrlPrefix, providerId),
+ ProviderUrl: fmt.Sprintf("%s/auth/login/%s/init", a.cfg.CallbackUrlPrefix, providerId),
+ CallbackUrl: fmt.Sprintf("%s/auth/login/%s/callback", a.cfg.CallbackUrlPrefix, providerId),
 })
 }
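Review bot: `CallbackUrl` is still built from `a.cfg.CallbackUrlPrefix` even when the provider has an explicit `RedirectURL` in its config (the branch this commit adds in `setupExternalAuthProviders`), so the value reported here can differ from the redirect URI actually sent to the identity provider. If any consumer of `LoginProviderInfo` relies on `CallbackUrl`, that mismatch would show up as a failed login that is hard to trace; either reuse the configured value or document the difference with a comment such as `// CallbackUrl is the portal-local route; the redirect URI sent to the IdP may be overridden by RedirectURL`. The literal `/auth/login` now appears both here and in the `path.Join` call, so a shared constant would keep the two from drifting apart again. The enclosing loop and the rest of `GetExternalLoginProviders` lie outside the hunk.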