From db00821001653a81be59cf40b39d08c3f4737ece Mon Sep 17 00:00:00 2001
From: wasaga <dmishin@pomerium.com>
Date: Fri, 28 May 2021 17:19:18 -0400
Subject: [PATCH] auth: do not strip query parameters in forward auth (#2216)

---
 internal/urlutil/url.go      | 15 ---------------
 internal/urlutil/url_test.go | 19 -------------------
 proxy/forward_auth.go        |  4 ----
 3 files changed, 38 deletions(-)

diff --git a/internal/urlutil/url.go b/internal/urlutil/url.go
index 60599478c..722fd8a69 100644
--- a/internal/urlutil/url.go
+++ b/internal/urlutil/url.go
@@ -110,18 +110,3 @@ func GetDomainsForURL(u url.URL) []string {
 func IsTCP(u *url.URL) bool {
 	return u.Scheme == "tcp+http" || u.Scheme == "tcp+https"
 }
-
-// ParseEnvoyQueryParams returns a new URL with queryparams parsed from envoy format.
-func ParseEnvoyQueryParams(u *url.URL) *url.URL {
-	nu := &url.URL{
-		Scheme: u.Scheme,
-		Host:   u.Host,
-		Path:   u.Path,
-	}
-
-	path := u.Path
-	if idx := strings.Index(path, "?"); idx != -1 {
-		nu.Path, nu.RawQuery = path[:idx], path[idx+1:]
-	}
-	return nu
-}
diff --git a/internal/urlutil/url_test.go b/internal/urlutil/url_test.go
index 39060c0ee..f8006e955 100644
--- a/internal/urlutil/url_test.go
+++ b/internal/urlutil/url_test.go
@@ -157,22 +157,3 @@ func TestGetDomainsForURL(t *testing.T) {
 		})
 	}
 }
-
-func TestParseEnvoyQueryParams(t *testing.T) {
-	tests := []struct {
-		name string
-		u    *url.URL
-		want *url.URL
-	}{
-		{"empty", &url.URL{}, &url.URL{}},
-		{"basic example", &url.URL{Host: "pomerium.io", Path: "/?uri=https://pomerium.com/"}, &url.URL{Host: "pomerium.io", Path: "/", RawQuery: "uri=https://pomerium.com/"}},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := ParseEnvoyQueryParams(tt.u)
-			if diff := cmp.Diff(got, tt.want); diff != "" {
-				t.Errorf("ParseEnvoyQueryParams() = %v", diff)
-			}
-		})
-	}
-}
diff --git a/proxy/forward_auth.go b/proxy/forward_auth.go
index a784af902..6ebd3c269 100644
--- a/proxy/forward_auth.go
+++ b/proxy/forward_auth.go
@@ -58,10 +58,6 @@ func (p *Proxy) nginxPostCallbackRedirect(w http.ResponseWriter, r *http.Request
 	if err != nil {
 		return httputil.NewError(http.StatusBadRequest, err)
 	}
-	u = urlutil.ParseEnvoyQueryParams(u)
-	q := u.Query()
-	q.Del(urlutil.QueryForwardAuthURI)
-	u.RawQuery = q.Encode()
 	httputil.Redirect(w, r, u.String(), http.StatusFound)
 	return nil
 }