authenticate: validate signature on /.pomerium, /.pomerium/sign_in and /.pomerium/sign_out (#2048)

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
This commit is contained in:
Travis Groth 2021-04-01 10:04:16 -04:00 committed by GitHub
parent c96ff595e5
commit 0635c838c9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 117 additions and 18 deletions

View file

@ -87,12 +87,13 @@ func (p *Proxy) userInfo(w http.ResponseWriter, r *http.Request) {
redirectURL = ref
}
url := state.authenticateDashboardURL.ResolveReference(&url.URL{
uri := state.authenticateDashboardURL.ResolveReference(&url.URL{
RawQuery: url.Values{
urlutil.QueryRedirectURI: {redirectURL},
}.Encode(),
})
httputil.Redirect(w, r, url.String(), http.StatusFound)
uri = urlutil.NewSignedURL(state.sharedKey, uri).Sign()
httputil.Redirect(w, r, uri.String(), http.StatusFound)
}
// Callback handles the result of a successful call to the authenticate service