From a5034aabaeed210f30e2c1b34d6becebbb342201 Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Thu, 18 Nov 2021 08:49:23 -0700
Subject: [PATCH] authenticate: redirect / to /.pomerium/ (#2770)

---
 authenticate/handlers.go          | 3 +++
 config/envoyconfig/routes.go      | 2 +-
 config/envoyconfig/routes_test.go | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/authenticate/handlers.go b/authenticate/handlers.go
index dabb26c3d..4c3fba7a1 100644
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@@ -67,6 +67,9 @@ func (a *Authenticate) Mount(r *mux.Router) {
 		)(h)
 	})
 
+	// redirect / to /.pomerium/
+	r.Path("/").Handler(http.RedirectHandler("/.pomerium/", http.StatusFound))
+
 	r.Path("/robots.txt").HandlerFunc(a.RobotsTxt).Methods(http.MethodGet)
 	// Identity Provider (IdP) endpoints
 	r.Path("/oauth2/callback").Handler(httputil.HandlerFunc(a.OAuthCallback)).Methods(http.MethodGet)
diff --git a/config/envoyconfig/routes.go b/config/envoyconfig/routes.go
index 5aa6629eb..0c82ff1b4 100644
--- a/config/envoyconfig/routes.go
+++ b/config/envoyconfig/routes.go
@@ -110,7 +110,7 @@ func (b *Builder) buildPomeriumHTTPRoutes(options *config.Options, domain string
 		return nil, err
 	}
 	if config.IsAuthenticate(options.Services) && hostMatchesDomain(authenticateURL, domain) {
-		r, err := b.buildControlPlanePathRoute(options.AuthenticateCallbackPath, false)
+		r, err := b.buildControlPlanePrefixRoute("/", false)
 		if err != nil {
 			return nil, err
 		}
diff --git a/config/envoyconfig/routes_test.go b/config/envoyconfig/routes_test.go
index b73c6de46..7bb68247a 100644
--- a/config/envoyconfig/routes_test.go
+++ b/config/envoyconfig/routes_test.go
@@ -96,7 +96,7 @@ func Test_buildPomeriumHTTPRoutes(t *testing.T) {
 			`+routeString("path", "/.well-known/pomerium", false)+`,
 			`+routeString("prefix", "/.well-known/pomerium/", false)+`,
 			`+routeString("path", "/robots.txt", false)+`,
-			`+routeString("path", "/oauth2/callback", false)+`
+			`+routeString("prefix", "/", false)+`
 		]`, routes)
 	})
 	t.Run("proxy fronting authenticate", func(t *testing.T) {