Merge pull request #591 from OSC/dex

Allow additional redirect URIs with Dex
OSC · Jul 16, 2020 · 8d4e9dc · 8d4e9dc
2 parents 7946b09 + ed12d10
commit 8d4e9dc
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 4 deletions.
diff --git a/ood-portal-generator/lib/ood_portal_generator/dex.rb b/ood-portal-generator/lib/ood_portal_generator/dex.rb
@@ -138,15 +138,16 @@ def client_port
     end
 
     def client_id
-      @view.servername || OodPortalGenerator.fqdn
+      @config.fetch(:client_id, (@view.servername || OodPortalGenerator.fqdn))
     end
 
     def client_url
       "#{client_protocol}#{client_id}#{client_port}"
     end
 
-    def client_redirect_uri
-      "#{client_url}/oidc"
+    def client_redirect_uris
+      config_redirect_uris = @config.fetch(:client_redirect_uris, [])
+      ["#{client_url}/oidc"] + config_redirect_uris
     end
 
     def client_name
@@ -160,7 +161,7 @@ def client_secret
     def static_clients
       ood_client = {
         id: client_id,
-        redirectURIs: [client_redirect_uri],
+        redirectURIs: client_redirect_uris,
         name: client_name,
         secret: client_secret,
       }

diff --git a/ood-portal-generator/spec/application_spec.rb b/ood-portal-generator/spec/application_spec.rb
@@ -99,6 +99,25 @@
         described_class.generate()
       end
 
+      it 'generates full dex configs with SSL and multiple redirect URIs' do
+        allow(described_class).to receive(:context).and_return({
+          servername: 'example.com',
+          port: '443',
+          ssl: [
+            'SSLCertificateFile /etc/pki/tls/certs/example.com.crt',
+            'SSLCertificateKeyFile /etc/pki/tls/private/example.com.key',
+            'SSLCertificateChainFile /etc/pki/tls/certs/example.com-interm.crt',
+          ],
+          client_redirect_uris: [
+            'https://localhost:4443/simplesaml/module.php/authglobus/linkback.php',
+            'https://localhost:2443/oidc/callback/',
+          ],
+        })
+        expected_dex_yaml = read_fixture('dex.yaml.full-redirect-uris').gsub('/etc/ood/dex', config_dir)
+        expect(described_class.dex_output).to receive(:write).with(expected_dex_yaml)
+        described_class.generate()
+      end
+
       it 'generates copies SSL certs' do
         certdir = Dir.mktmpdir
         cert = File.join(certdir, 'cert')

diff --git a/ood-portal-generator/spec/fixtures/dex.yaml.full-redirect-uris b/ood-portal-generator/spec/fixtures/dex.yaml.full-redirect-uris
@@ -0,0 +1,32 @@
+---
+issuer: https://example.com:5554
+storage:
+  type: sqlite3
+  config:
+    file: "/etc/ood/dex/dex.db"
+web:
+  http: 0.0.0.0:5556
+  https: 0.0.0.0:5554
+  tlsCert: "/etc/ood/dex/example.com.crt"
+  tlsKey: "/etc/ood/dex/example.com.key"
+telemetry:
+  http: 0.0.0.0:5558
+staticClients:
+- id: example.com
+  redirectURIs:
+  - https://example.com/oidc
+  - https://localhost:4443/simplesaml/module.php/authglobus/linkback.php
+  - https://localhost:2443/oidc/callback/
+  name: OnDemand
+  secret: 0caaf24ab1a0c33440c06afe99df986365b0781f
+oauth2:
+  skipApprovalScreen: true
+enablePasswordDB: true
+staticPasswords:
+- email: ood@localhost
+  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
+  username: ood
+  userID: '08a8684b-db88-4b73-90a9-3cd1661f5466'
+frontend:
+  dir: "/usr/share/ondemand-dex/web"
+  theme: ondemand