zotan/AutheliaMultiDomainProxy
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Harden redir target security checks

Browse source
This commit is contained in:
Laura Hausmann 2023-03-28 23:35:38 +02:00
parent 1547939604
commit 327aabaf46
Signed by: zotan
GPG key ID: D044E84C5BE01605
2 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Controllers/CookieProxyController.cs
View file

@ -14,17 +14,19 @@ public class CookieProxyController : Controller {
// Check if we are on the correct domain
if (Request.Host.Host != Vars.AuthProxySubdomain + "." + Vars.UpstreamPrimaryDomain)
return StatusCode(StatusCodes.Status421MisdirectedRequest);
if (!Request.Cookies.ContainsKey("authelia_session")
|| string.IsNullOrWhiteSpace(dstDomain)
|| !Vars.PermittedDomains.Contains(dstDomain)
|| string.IsNullOrWhiteSpace(tgt)) {
|| string.IsNullOrWhiteSpace(tgt)
|| !new Uri(tgt).Host.EndsWith(dstDomain)) {
return BadRequest("Bad request.");
}
var targetUrl =
$"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?dstDomain={HttpUtility.UrlEncode(dstDomain)}&tgt={HttpUtility.UrlEncode(tgt)}";
return Content($"Redirecting to cookie proxy (stage two) on the destination domain... <form method=\"POST\" action=\"{targetUrl}\"> <input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlEncode(Request.Cookies["authelia_session"])}\"><button type=\"submit\">Click here</button> if you are not redirected automatically</form><script>document.querySelector(\"form\").submit();</script>", "text/html");
var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?dstDomain={HttpUtility.UrlEncode(dstDomain)}&tgt={HttpUtility.UrlEncode(tgt)}";
return
Content($"Redirecting to cookie proxy (stage two) on the destination domain... <form method=\"POST\" action=\"{targetUrl}\"> <input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlEncode(Request.Cookies["authelia_session"])}\"><button type=\"submit\">Click here</button> if you are not redirected automatically</form><script>document.querySelector(\"form\").submit();</script>",
"text/html");
}
[HttpPost]
@ -35,7 +37,11 @@ public class CookieProxyController : Controller {
if (!Request.Host.Host.StartsWith(Vars.AuthProxySubdomain + ".") || !Vars.PermittedDomains.Any(p => Request.Host.Host.EndsWith("." + p)))
return StatusCode(StatusCodes.Status421MisdirectedRequest);
if (string.IsNullOrWhiteSpace(dstDomain) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(cookie) || string.IsNullOrWhiteSpace(tgt)) {
if (string.IsNullOrWhiteSpace(dstDomain)
|| !Vars.PermittedDomains.Contains(dstDomain)
|| string.IsNullOrWhiteSpace(cookie)
|| string.IsNullOrWhiteSpace(tgt)
|| !new Uri(tgt).Host.EndsWith(dstDomain)) {
return BadRequest("Bad request.");
}

2
Controllers/RedirectController.cs
View file

@ -14,7 +14,7 @@ public class RedirectController : Controller {
return StatusCode(StatusCodes.Status421MisdirectedRequest);
}
if (string.IsNullOrWhiteSpace(dstDomain) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(tgt)) {
if (string.IsNullOrWhiteSpace(dstDomain) || !Vars.PermittedDomains.Contains(dstDomain) || string.IsNullOrWhiteSpace(tgt) || !new Uri(tgt).Host.EndsWith(dstDomain)) {
Response.StatusCode = StatusCodes.Status421MisdirectedRequest;
return BadRequest("Bad request.");
}