Allow to redirect to an app for OIDC onboarding (#3044)

A Cozy can be onboarded with the need to redirect to a specific app. The password selection page accepts a redirection parameter for this use case, but when the OIDC method is used for authentication, the user doesn't go on this page and it doesn't work. We now accept also this redirection parameter for / when OIDC is enabled.

Allow to redirect to an app for OIDC onboarding (#3044)
d8d8c2f6 · Bruno Michel · GitHub · a074e8be · d8d8c2f6
Unverified Commit d8d8c2f6 authored 4 years ago by Bruno Michel Committed by GitHub 4 years ago
--- a/web/auth/auth.go
+++ b/web/auth/auth.go
@@ -7,6 +7,7 @@ import (
 	"strconv"
 	"strings"
+	"github.com/cozy/cozy-stack/model/app"
 	"github.com/cozy/cozy-stack/model/bitwarden/settings"
 	"github.com/cozy/cozy-stack/model/instance"
 	"github.com/cozy/cozy-stack/model/instance/lifecycle"
@@ -74,6 +75,24 @@ func Home(c echo.Context) error {
 		return c.Redirect(http.StatusSeeOther, redirect.String())
 	}
+	// Onboarding to a specific app when authentication via OIDC is enabled
+	redirection := c.QueryParam("redirection")
+	if redirection != "" && !instance.IsPasswordAuthenticationEnabled() {
+		splits := strings.SplitN(redirection, "#", 2)
+		parts := strings.SplitN(splits[0], "/", 2)
+		if _, err := app.GetWebappBySlug(instance, parts[0]); err == nil {
+			u := instance.SubDomain(parts[0])
+			if len(parts) == 2 {
+				u.Path = parts[1]
+			}
+			if len(splits) == 2 {
+				u.Fragment = splits[1]
+			}
+			q := url.Values{"redirect": {u.String()}}
+			return c.Redirect(http.StatusSeeOther, instance.PageURL("/oidc/start", q))
+		}
+	}
 	var params url.Values
 	if jwt := c.QueryParam("jwt"); jwt != "" {
 		params = url.Values{"jwt": {jwt}}