fix: Simplify redirect logic for self-hosted (#6867)

outline · May 4, 2024 · 86abd27 · 86abd27
1 parent 4cb0f8b
commit 86abd27
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 16 deletions.
diff --git a/server/errors.ts b/server/errors.ts
@@ -8,20 +8,20 @@ export function InternalError(message = "Internal error") {
 
 export function AuthenticationError(
   message = "Authentication required",
-  redirectUrl = "/"
+  redirectPath = "/"
 ) {
   return httpErrors(401, message, {
-    redirectUrl,
+    redirectPath,
     id: "authentication_required",
   });
 }
 
 export function InvalidAuthenticationError(
   message = "Invalid authentication",
-  redirectUrl = "/"
+  redirectPath = "/"
 ) {
   return httpErrors(401, message, {
-    redirectUrl,
+    redirectPath,
     id: "invalid_authentication",
   });
 }
@@ -159,10 +159,10 @@ export function TeamPendingDeletionError(
 
 export function EmailAuthenticationRequiredError(
   message = "User must authenticate with email",
-  redirectUrl = "/"
+  redirectPath = "/"
 ) {
   return httpErrors(400, message, {
-    redirectUrl,
+    redirectPath,
     id: "email_auth_required",
   });
 }
@@ -201,10 +201,10 @@ export function OIDCMalformedUserInfoError(
 
 export function AuthenticationProviderDisabledError(
   message = "Authentication method has been disabled by an admin",
-  redirectUrl = "/"
+  redirectPath = "/"
 ) {
   return httpErrors(400, message, {
-    redirectUrl,
+    redirectPath,
     id: "authentication_provider_disabled",
   });
 }

diff --git a/server/middlewares/passport.ts b/server/middlewares/passport.ts
@@ -25,8 +25,8 @@ export default function createMiddleware(providerName: string) {
 
           if (err.id) {
             const notice = err.id.replace(/_/g, "-");
-            const redirectUrl = err.redirectUrl ?? "/";
-            const hasQueryString = redirectUrl?.includes("?");
+            const redirectPath = err.redirectPath ?? "/";
+            const hasQueryString = redirectPath?.includes("?");
 
             // Every authentication action is routed through the apex domain.
             // But when there is an error, we want to redirect the user on the
@@ -35,18 +35,17 @@ export default function createMiddleware(providerName: string) {
             // get original host
             const stateString = ctx.cookies.get("state");
             const state = stateString ? parseState(stateString) : undefined;
-            const host = state?.host ?? ctx.hostname;
 
-            // form a URL object with the err.redirectUrl and replace the host
+            // form a URL object with the err.redirectPath and replace the host
             const reqProtocol =
               state?.client === Client.Desktop ? "outline" : ctx.protocol;
-            const requestHost = ctx.get("host");
+            const requestHost = state?.host ?? ctx.hostname;
             const url = new URL(
-              `${reqProtocol}://${requestHost}${redirectUrl}`
+              env.isCloudHosted
+                ? `${reqProtocol}://${requestHost}${redirectPath}`
+                : `${env.URL}${redirectPath}`
             );
 
-            url.host = host;
-
             return ctx.redirect(
               `${url.toString()}${hasQueryString ? "&" : "?"}notice=${notice}`
             );