Support ignoring redirects during oauth2 flow (#326)

* feat(cmd/config): support ignoring redirects during auth flow * fix(test/config): config test should expect correct yaml * fix(cmd/gateclient): fixed an introduced nil pointer dereference * fix(cmd/gateclient): nil reference on gateClient auth config * chore(gateclient): added back comment * kick Co-authored-by: Graham Bucknell <graham.bucknell@monster.com>
spinnaker · Aug 17, 2022 · 259a670 · 259a670
1 parent 0003273
commit 259a670
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 4 deletions.
diff --git a/cmd/gateclient/client.go b/cmd/gateclient/client.go
@@ -76,6 +76,8 @@ type GatewayClient struct {
 
 	ignoreCertErrors bool
 
+	ignoreRedirects bool
+
 	// Location of the spin config.
 	configLocation string
 
@@ -96,10 +98,11 @@ func (m *GatewayClient) GateEndpoint() string {
 }
 
 // Create new spinnaker gateway client with flag
-func NewGateClient(ui output.Ui, gateEndpoint, defaultHeaders, configLocation string, ignoreCertErrors bool) (*GatewayClient, error) {
+func NewGateClient(ui output.Ui, gateEndpoint, defaultHeaders, configLocation string, ignoreCertErrors bool, ignoreRedirects bool) (*GatewayClient, error) {
 	gateClient := &GatewayClient{
 		gateEndpoint:     gateEndpoint,
 		ignoreCertErrors: ignoreCertErrors,
+		ignoreRedirects:  ignoreRedirects,
 		ui:               ui,
 		Context:          context.Background(),
 	}
@@ -116,6 +119,14 @@ func NewGateClient(ui output.Ui, gateEndpoint, defaultHeaders, configLocation st
 		return nil, unwrapErr(ui, err)
 	}
 
+	// If IgnoreRedirects is set to true, CheckRedirect will return a special error type
+	// 'ErrUseLastResponse', telling the client not to follow redirects
+	if ignoreRedirects || (gateClient.Config.Auth != nil && gateClient.Config.Auth.IgnoreRedirects) {
+		httpClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		}
+	}
+
 	gateClient.Context, err = ContextWithAuth(gateClient.Context, gateClient.Config.Auth)
 
 	if ignoreCertErrors {
@@ -499,10 +510,9 @@ func login(httpClient *http.Client, endpoint string, accessToken string) error {
 		return err
 	}
 	loginReq.Header.Set("Authorization", fmt.Sprintf("Bearer %s", accessToken))
-
 	_, err = httpClient.Do(loginReq) // Login to establish session.
 	if err != nil {
-		return errors.New("login failed")
+		return errors.New(fmt.Sprintf("login failed: %s", err))
 	}
 	return nil
 }

diff --git a/cmd/root.go b/cmd/root.go
@@ -14,6 +14,7 @@ type RootOptions struct {
 	configPath       string
 	gateEndpoint     string
 	ignoreCertErrors bool
+	ignoreRedirects  bool
 	quiet            bool
 	color            bool
 	outputFormat     string
@@ -40,6 +41,7 @@ func NewCmdRoot(outWriter, errWriter io.Writer) (*cobra.Command, *RootOptions) {
 	cmd.PersistentFlags().StringVar(&options.configPath, "config", "", "path to config file (default $HOME/.spin/config)")
 	cmd.PersistentFlags().StringVar(&options.gateEndpoint, "gate-endpoint", "", "Gate (API server) endpoint (default http://localhost:8084)")
 	cmd.PersistentFlags().BoolVarP(&options.ignoreCertErrors, "insecure", "k", false, "ignore certificate errors")
+	cmd.PersistentFlags().BoolVarP(&options.ignoreRedirects, "ignore-redirects", "", false, "ignore redirects")
 	cmd.PersistentFlags().StringVar(&options.defaultHeaders, "default-headers", "", "configure default headers for gate client as comma separated list (e.g. key1=value1,key2=value2)")
 
 	// UI Flags
@@ -63,6 +65,7 @@ func NewCmdRoot(outWriter, errWriter io.Writer) (*cobra.Command, *RootOptions) {
 			options.defaultHeaders,
 			options.configPath,
 			options.ignoreCertErrors,
+			options.ignoreRedirects,
 		)
 		if err != nil {
 			return err

diff --git a/config/auth/authconfig.go b/config/auth/authconfig.go
@@ -26,6 +26,7 @@ import (
 // Config is the CLI's authentication configuration.
 type Config struct {
 	Enabled          bool           `json:"enabled" yaml:"enabled"`
+	IgnoreRedirects  bool           `json:"ignoreRedirects" yaml:"ignoreRedirects"`
 	IgnoreCertErrors bool           `json:"ignoreCertErrors" yaml:"ignoreCertErrors"`
 	X509             *x509.Config   `json:"x509,omitempty" yaml:"x509,omitempty"`
 	OAuth2           *oauth2.Config `json:"oauth2,omitempty" yaml:"oauth2,omitempty"`

diff --git a/config/config_test.go b/config/config_test.go
@@ -28,7 +28,7 @@ func TestBasicMarshalling(t *testing.T) {
 func TestYAMLRoundTrip(t *testing.T) {
 	var cfg Config
 
-	want := "auth:\n  enabled: false\n  ignoreCertErrors: true\ngate:\n  endpoint: test\n"
+	want := "auth:\n  enabled: false\n  ignoreCertErrors: true\n  ignoreRedirects: true\ngate:\n  endpoint: test\n"
 	err := yaml.Unmarshal([]byte(want), &cfg)
 
 	if err != nil {