Merge pull request #2 from remove158/fix/query-params-conserved

Fix query params conserved

Author: remove158

cmd/handlers/auth.go

@@ -3,6 +3,7 @@ package handlers
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/wire"
@@ -37,6 +38,11 @@ func (h *AuthHandler) GetLogin(ctx *gin.Context) {
 		return
 	}
 
+	if _, err := url.Parse(request.Service); err != nil {
+		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+
 	ctx.HTML(http.StatusOK, "index.html", gin.H{
 		"service": request.Service,
 	})
@@ -50,7 +56,13 @@ func (h *AuthHandler) PostLogin(ctx *gin.Context) {
 	}
 	user := generateUserResponse(request)
 	ticket := h.authService.PostLogin(user)
-	ctx.Redirect(http.StatusFound, generatePath(request.Service, ticket))
+
+	redirectURL, err := h.authService.GeneratePath(request.Service, ticket)
+	if err != nil {
+		ctx.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
+		return
+	}
+	ctx.Redirect(http.StatusFound, redirectURL)
 }
 
 func generateUserResponse(request models.PostLoginRequest) models.UserResponse {
@@ -72,10 +84,6 @@ func generateUserResponse(request models.PostLoginRequest) models.UserResponse {
 	}
 }
 
-func generatePath(service string, ticket string) string {
-	return fmt.Sprintf("%s?ticket=%s", service, ticket)
-}
-
 func (h *AuthHandler) ServiceValidation(ctx *gin.Context) {
 	var request models.ServiceValidateRequest
 	if err := ctx.ShouldBindHeader(&request); err != nil {

internal/services/auth.go

@@ -2,6 +2,7 @@ package services
 
 import (
 	"fmt"
+	"net/url"
 
 	"github.com/google/uuid"
 	"github.com/google/wire"
@@ -20,6 +21,7 @@ type AppSecret struct {
 type IAuthService interface {
 	PostLogin(user models.UserResponse) string
 	ServiceValidation(models.ServiceValidateRequest) (models.UserResponse, error)
+	GeneratePath(service string, ticket string) (result string, err error)
 }
 
 type AuthService struct {
@@ -54,3 +56,18 @@ func (h *AuthService) ServiceValidation(request models.ServiceValidateRequest) (
 	}
 	return user, nil
 }
+
+func (h *AuthService) GeneratePath(service string, ticket string) (string, error) {
+	u, err := url.Parse(service)
+
+	if err != nil {
+		return "", err
+	}
+
+	values := u.Query()
+	values.Add("ticket", ticket)
+
+	u.RawQuery = values.Encode()
+
+	return u.String(), nil
+}

internal/services/auth_test.go

@@ -1,6 +1,7 @@
 package services_test
 
 import (
+	"net/url"
 	"testing"
 
 	"github.com/remove158/chula-sso/cmd/models"
@@ -89,3 +90,45 @@ func (s *AuthServiceTest) TestServiceValidationFailOnTicketInvalid() {
 	s.Error(err)
 	s.Empty(result)
 }
+
+func (s *AuthServiceTest) TestGenerateRedirectURLSuccess() {
+	service := "https://www.google.com"
+	ticket := "this-is-a-ticket"
+	result, err := s.authService.GeneratePath(service, ticket)
+	s.NoError(err)
+
+	resultURL, err := url.Parse(result)
+	s.NoError(err)
+	expected, err := url.Parse("https://www.google.com?ticket=this-is-a-ticket")
+	s.NoError(err)
+
+	s.Equal(resultURL.Host, expected.Host)
+	s.Equal(resultURL.Path, expected.Path)
+	s.Equal(resultURL.RawQuery, expected.RawQuery)
+	s.Equal(resultURL.Scheme, expected.Scheme)
+}
+
+func (s *AuthServiceTest) TestGenerateRedirectURLSuccessWithConservedURL() {
+	service := "https://www.google.com/?redirect=%2Fhome&test=1"
+	ticket := "this-is-a-ticket"
+	result, err := s.authService.GeneratePath(service, ticket)
+	s.NoError(err)
+
+	resultURL, err := url.Parse(result)
+	s.NoError(err)
+	expected, err := url.Parse("https://www.google.com/?redirect=%2Fhome&test=1&ticket=this-is-a-ticket")
+	s.NoError(err)
+
+	s.Equal(resultURL.Host, expected.Host)
+	s.Equal(resultURL.Path, expected.Path)
+	s.Equal(resultURL.RawQuery, expected.RawQuery)
+	s.Equal(resultURL.Scheme, expected.Scheme)
+}
+
+func (s *AuthServiceTest) TestGenerateRedirectURLFailWithCantPraseURLService() {
+	service := "postgres://user:abc{DEf1=ghi@example.com:5432/db?sslmode=require"
+	ticket := "this-is-a-ticket"
+	result, err := s.authService.GeneratePath(service, ticket)
+	s.Error(err)
+	s.Empty(result)
+}