fix: prevent overwriting URL struct #1784
Thank you @MattNotarangelo 🙏 Great catch. I feel like this should be breaking more than just oauth state.
Codecov Report
@@ Coverage Diff @@
## main #1784 +/- ##
==========================================
+ Coverage 70.43% 70.45% +0.01%
==========================================
Files 58 58
Lines 5570 5567 -3
==========================================
- Hits 3923 3922 -1
+ Misses 1422 1421 -1
+ Partials 225 224 -1
OK I found something more interesting here. This piece of code never actually made it into any release. So I think it might be not the root cause of your oauth issue @MattNotarangelo. All that is to say, your change here is still good and valid. Just trying to figure out why the original issue isn't causing more problems :D
Yeah when I built Flipt from
All query parameters getting stripped throughout Flipt. Update: There is a hole in our integration tests which this bug found its way around.
Thanks @GeorgeMac, I appreciate the prompt response 🙏
Hey @MattNotarangelo qq. were you using an official release of Flipt? or were you running on e.g. nightly? The bug you shared does look like it would've been caused by the state parameter being dropped altogether on the callback. But I can't see this code in any of our tagged releases. Wondering if you were on nightly or a build off
Hey, I'm currently running v1.20 and wanted to play around with some of the newer features since that release. I used the latest commit on main and noticed the issue
Thanks @MattNotarangelo 🙏 I think that explains it as the trailing slash code was on main.
@all-contributors please add @MattNotarangelo for code
I've put up a pull request to add @MattNotarangelo! 🎉
I noticed that OIDC authentication was broken with the message {"code":13,"message":"handling OIDC callback: Provider.Exchange: authentication request state and authorization state are not equal: invalid parameter","details":[]}, beginning with the changes from #1754. This fix stops the http.Request.URL struct from being overwritten to preserve the query data.

EDIT: Just realised that this is the same change that @GeorgeMac suggested (#1754 (comment))
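
Added example, not part of the pull request or Flipt's own code: a minimal Go reproduction of the failure mode described above, assuming a trailing-slash-trimming middleware (the names stripSlashOverwrite, stripSlashInPlace and stateSeenBy and the callback URL are hypothetical). Replacing the request's URL struct drops the query string, so the OIDC state parameter never reaches the callback handler, while editing only the Path field keeps it.

```go
// Added example, not Flipt's code: all handler and function names are hypothetical.
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// stripSlashOverwrite replaces the whole URL struct, so RawQuery
// (and with it the OIDC "code" and "state" parameters) is lost.
func stripSlashOverwrite(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.URL = &url.URL{Path: strings.TrimSuffix(r.URL.Path, "/")}
		next.ServeHTTP(w, r)
	})
}

// stripSlashInPlace edits only the Path field; the query string survives.
func stripSlashInPlace(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.URL.Path = strings.TrimSuffix(r.URL.Path, "/")
		next.ServeHTTP(w, r)
	})
}

// stateSeenBy sends a constructed request through mw and returns the path
// and "state" value that the wrapped handler observes.
func stateSeenBy(mw func(http.Handler) http.Handler, target string) (path, state string) {
	h := mw(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		path, state = r.URL.Path, r.URL.Query().Get("state")
	}))
	h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(http.MethodGet, target, nil))
	return path, state
}

func main() {
	// Constructed callback URL; the path and parameter values are placeholders.
	const cb = "/auth/callback/?code=abc&state=xyz123"
	p, s := stateSeenBy(stripSlashOverwrite, cb)
	fmt.Printf("overwrite: path=%q state=%q\n", p, s)
	p, s = stateSeenBy(stripSlashInPlace, cb)
	fmt.Printf("in place:  path=%q state=%q\n", p, s)
}
```

An integration test that sends a request with both a trailing slash and query parameters, then asserts on the parameters the handler receives, would catch this class of regression.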