Configuring dynamic redirect post login (#194)

The client will have to send a query parameter redirectUrl or a header X-Redirect-Url in order for the server to redirect the client to the appropriate URL post login. If neither of these parameters are present, the client is redirected to /applications by default. Co-authored-by: Shrikant Sharat Kandula <shrikant@appsmith.com>
2020-07-29 16:07:40 +05:30 · 2020-07-29 16:07:40 +05:30 · 4475bc2b1e
commit 4475bc2b1e
parent 4b026d5acb
3 changed files with 35 additions and 6 deletions
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/AuthenticationSuccessHandler.java
@ -85,7 +85,7 @@ public class AuthenticationSuccessHandler implements ServerAuthenticationSuccess

        // On authentication success, we send a redirect to the client's home page. This ensures that the session
        // is set in the cookie on the browser.
-        String redirectUrl = RedirectHelper.getRedirectUrl(exchange.getRequest().getHeaders());
+        String redirectUrl = RedirectHelper.getRedirectUrl(exchange.getRequest());

        URI defaultRedirectLocation = URI.create(redirectUrl);
        return this.redirectStrategy.sendRedirect(exchange, defaultRedirectLocation);
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/authentication/handlers/CustomServerOAuth2AuthorizationRequestResolver.java
@ -174,7 +174,7 @@ public class CustomServerOAuth2AuthorizationRequestResolver implements ServerOAu
                .clientId(clientRegistration.getClientId())
                .authorizationUri(clientRegistration.getProviderDetails().getAuthorizationUri())
                .redirectUri(redirectUriStr).scopes(clientRegistration.getScopes())
-                .state(this.generateKey(exchange.getRequest().getHeaders()))
+                .state(this.generateKey(exchange.getRequest()))
                .attributes(attributes)
                .build();
    }
@ -185,12 +185,12 @@ public class CustomServerOAuth2AuthorizationRequestResolver implements ServerOAu
     * based on the referer so as to transfer control back to it. If the referer is not available, we default to
     * redirecting to the server's index page.
     *
-     * @param httpHeaders
+     * @param request
     * @return
     */
-    private String generateKey(HttpHeaders httpHeaders) {
+    private String generateKey(ServerHttpRequest request) {
        String stateKey = this.stateGenerator.generateKey();
-        String redirectUrl = RedirectHelper.getRedirectUrl(httpHeaders);
+        String redirectUrl = RedirectHelper.getRedirectUrl(request);
        stateKey = stateKey + "," + Security.STATE_PARAMETER_ORIGIN + redirectUrl;
        return stateKey;
    }
--- a/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RedirectHelper.java
+++ b/app/server/appsmith-server/src/main/java/com/appsmith/server/helpers/RedirectHelper.java
@ -2,6 +2,8 @@ package com.appsmith.server.helpers;

 import com.appsmith.server.constants.Security;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;

 import java.net.URI;
@ -11,8 +13,34 @@ public class RedirectHelper {

    public static final String DEFAULT_REDIRECT_URL = "/applications";
    private static final String REDIRECT_URL_HEADER = "X-Redirect-Url";
+    private static final String REDIRECT_URL_QUERY_PARAM = "redirectUrl";

-    public static String getRedirectUrl(HttpHeaders httpHeaders) {
+    /**
+     * This function determines the redirect url that the browser should redirect to post-login. The priority order
+     * in which these checks will be made are:
+     * 1. Query parameters
+     * 2. Headers
+     *
+     * @param request
+     * @return
+     */
+    public static String getRedirectUrl(ServerHttpRequest request) {
+
+        MultiValueMap<String, String> queryParams = request.getQueryParams();
+        HttpHeaders httpHeaders = request.getHeaders();
+
+        if (queryParams != null && queryParams.containsKey(REDIRECT_URL_QUERY_PARAM)) {
+            String redirectUrl = queryParams.getFirst(REDIRECT_URL_QUERY_PARAM);
+            if (!(redirectUrl.startsWith("http://") || redirectUrl.startsWith("https://")) &&
+                    !StringUtils.isEmpty(httpHeaders.getOrigin())) {
+                redirectUrl = httpHeaders.getOrigin() + (StringUtils.isEmpty(redirectUrl) ? DEFAULT_REDIRECT_URL : redirectUrl);
+            }
+            return redirectUrl;
+        }
+        return getRedirectUrlFromHeader(httpHeaders);
+    }
+
+    private static String getRedirectUrlFromHeader(HttpHeaders httpHeaders) {
        // First check if the custom redirect header is set
        String redirectUrl = httpHeaders.getFirst(REDIRECT_URL_HEADER);

@ -46,4 +74,5 @@ public class RedirectHelper {
        }
        return redirectUrl;
    }
+
 }