[release-11.4.4] [IAM] Prepend AppSubURL to redirectURI before validating it (#104084)

[IAM] Prepend AppSubURL to redirectURI before validating it (#103475) (cherry picked from commit 5053aa576d)
8 months ago · 1285f8ca5a
parent 77bd0082d1
commit 1285f8ca5a
2 changed files with 3 additions and 3 deletions
--- a/pkg/api/user_token.go
+++ b/pkg/api/user_token.go
@ -88,11 +88,11 @@ func (hs *HTTPServer) RotateUserAuthTokenRedirect(c *contextmodel.ReqContext) re
 		return response.Redirect(hs.GetRedirectURL(c))
 	}

-	redirectTo := c.Query("redirectTo")
+	redirectTo := hs.Cfg.AppSubURL + c.Query("redirectTo")
 	if err := hs.ValidateRedirectTo(redirectTo); err != nil {
 		return response.Redirect(hs.Cfg.AppSubURL + "/")
 	}
-	return response.Redirect(hs.Cfg.AppSubURL + redirectTo)
+	return response.Redirect(redirectTo)
 }

 // swagger:route POST /user/auth-tokens/rotate
--- a/pkg/services/authn/authn.go
+++ b/pkg/services/authn/authn.go
@ -281,7 +281,7 @@ func handleLogin(r *http.Request, w http.ResponseWriter, cfg *setting.Cfg, ident
 			scopedRedirectToCookie, err := r.Cookie(redirectToCookieName)
 			if err == nil {
 				redirectTo, _ := url.QueryUnescape(scopedRedirectToCookie.Value)
-				if redirectTo != "" && validator(redirectTo) == nil {
+				if redirectTo != "" && validator(cfg.AppSubURL+redirectTo) == nil {
 					redirectURL = cfg.AppSubURL + redirectTo
 				}
 				cookies.DeleteCookie(w, redirectToCookieName, cookieOptions(cfg))