
2 commits

Author SHA1 Message Date
Laura Hausmann b4e23a6ed4
Fix 2fa weirdness 2023-04-05 20:22:08 +02:00
Laura Hausmann 102bd6bf30
Simplify host restriction 2023-04-05 20:17:44 +02:00
2 changed files with 11 additions and 5 deletions


@ -17,10 +17,18 @@ public class CookieProxyController : Controller {
var dstDomain = AuthHelpers.GetRootDomain(tgt);
if (!Request.Cookies.ContainsKey("authelia_session") || string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
if (string.IsNullOrWhiteSpace(tgt) || !Vars.PermittedDomains.Contains(dstDomain)) {
return BadRequest("Bad request.");
}
if (!Request.Cookies.ContainsKey("authelia_session")) {
// tgt is urlencoded twice because authelia decodes it by one layer
var authUrl =
$"https://{Vars.AutheliaSubdomain}.{Vars.UpstreamPrimaryDomain}/?rd=https%3A%2F%2F{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}%2Fapi%2Fcookieproxy_stage_one%3Ftgt%3D{HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
Response.Redirect(authUrl);
return Content($"Redirecting... <a href=\"{authUrl}\">Click here if you are not redirected automatically</a>", "text/html");
}
var targetUrl = $"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_two?tgt={HttpUtility.UrlEncode(tgt)}";
return
Content($"Redirecting to cookie proxy (stage two) on the destination domain... <form method=\"POST\" action=\"{targetUrl}\"> <input type=\"hidden\" name=\"cookie\" value=\"{HttpUtility.HtmlEncode(Request.Cookies["authelia_session"])}\"><button type=\"submit\">Click here</button> if you are not redirected automatically</form><script>document.querySelector(\"form\").submit();</script>",
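Review bot: The new unauthenticated branch writes `authUrl` into the `href` of the fallback link without HTML-attribute encoding, while the stage-two form just below does pass the cookie value through `HttpUtility.HtmlEncode`. As written the URL is built only from `Vars` settings and a twice URL-encoded `tgt`, so no quote or angle bracket should reach the markup, but that holds only while every interpolated part stays percent-encoded; `<a href=\"{HttpUtility.HtmlAttributeEncode(authUrl)}\">` makes it hold by construction, and the same applies to `targetUrl` in the form's `action`. Separately, `AuthHelpers.GetRootDomain(tgt)` still runs before the `IsNullOrWhiteSpace(tgt)` check, so if that helper (not visible here) throws on a missing `tgt`, the request ends in a 500 instead of the intended 400. The enclosing action starts above this section and its final `Content(...)` call continues past the last visible line.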


@ -9,10 +9,8 @@ namespace AutheliaMultiDomainProxy.Controllers;
public class RedirectController : Controller {
public IActionResult Get([FromQuery] string tgt) {
// Check if we are on an allowed domain
if (!Vars.PermittedDomains.Any(p => Request.Host.Host.EndsWith($".{p}"))) {
Response.StatusCode = 421;
if (Vars.PermittedDomains.All(p => Request.Host.Host != $"{Vars.AuthProxySubdomain}.{p}"))
return StatusCode(StatusCodes.Status421MisdirectedRequest);
}
var dstDomain = AuthHelpers.GetRootDomain(tgt);
@ -23,7 +21,7 @@ public class RedirectController : Controller {
// tgt is urlencoded twice because authelia decodes it by one layer
var targetUrl =
$"https://{Vars.AutheliaSubdomain}.{Vars.UpstreamPrimaryDomain}/?rd=https%3A%2F%2F{Vars.AuthProxySubdomain}.{Vars.UpstreamPrimaryDomain}%2Fapi%2Fcookieproxy_stage_one%3FdstDomain%3D{dstDomain}%26tgt%3D{HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
$"https://https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt={HttpUtility.UrlEncode(HttpUtility.UrlEncode(tgt))}";
Response.Redirect(targetUrl);
return Content($"Redirecting... <a href=\"{targetUrl}\">Click here if you are not redirected automatically</a>", "text/html");
}
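Review bot: The URL that appears to be the new value of `targetUrl` starts with `https://https://`, so a browser would parse `https` as the host name and the redirect would never reach the auth proxy; it should begin `$"https://{Vars.AuthProxySubdomain}.{dstDomain}/api/cookieproxy_stage_one?tgt=`. The redirect now seems to go to stage one directly instead of through Authelia, yet `tgt` is still URL-encoded twice and the comment above still gives Authelia's decoding as the reason, so stage one would presumably receive a still-encoded `tgt` and its `GetRootDomain`/`PermittedDomains` check may reject it. If that is the case, a single `HttpUtility.UrlEncode(tgt)` and an updated comment are needed. `dstDomain` is also interpolated into the host part here, and the lines between the two hunks are not shown, so it is worth confirming that the `Vars.PermittedDomains` check runs before this redirect; otherwise the endpoint could redirect to an arbitrary domain.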