[release-11.6.1] [IAM] Prepend AppSubURL to redirectURI before validating it (#103875)

[IAM] Prepend AppSubURL to redirectURI before validating it (#103475) (cherry picked from commit 5053aa576d)
3 months ago · f393fb76e4
parent 3bb21b8218
commit f393fb76e4
2 changed files with 3 additions and 3 deletions
--- a/pkg/api/user_token.go
+++ b/pkg/api/user_token.go
@ -89,11 +89,11 @@ func (hs *HTTPServer) RotateUserAuthTokenRedirect(c *contextmodel.ReqContext) re
 		return response.Redirect(hs.GetRedirectURL(c))
 	}

-	redirectTo := c.Query("redirectTo")
+	redirectTo := hs.Cfg.AppSubURL + c.Query("redirectTo")
 	if err := hs.ValidateRedirectTo(redirectTo); err != nil {
 		return response.Redirect(hs.Cfg.AppSubURL + "/")
 	}
-	return response.Redirect(hs.Cfg.AppSubURL + redirectTo)
+	return response.Redirect(redirectTo)
 }

 // swagger:route POST /user/auth-tokens/rotate
--- a/pkg/services/authn/authn.go
+++ b/pkg/services/authn/authn.go
@ -283,7 +283,7 @@ func handleLogin(r *http.Request, w http.ResponseWriter, cfg *setting.Cfg, ident
 			scopedRedirectToCookie, err := r.Cookie(redirectToCookieName)
 			if err == nil {
 				redirectTo, _ := url.QueryUnescape(scopedRedirectToCookie.Value)
-				if redirectTo != "" && validator(redirectTo) == nil {
+				if redirectTo != "" && validator(cfg.AppSubURL+redirectTo) == nil {
 					redirectURL = cfg.AppSubURL + redirectTo
 				}
 				cookies.DeleteCookie(w, redirectToCookieName, cookieOptions(cfg))