spring-attic / spring-social

Allows you to connect your applications with SaaS providers such as Facebook and Twitter.

Home Page: http://projects.spring.io/spring-social


getProxyHeaderAwareRequestURL in OAuth2AuthenticationService

rolandc85 opened this issue · comments

Summary

I'm using a Zuul Proxy to forward the URL, e.g. http://localhost:8080/auth/*, to http://localhost:8081/auth/*, which my API application is running on.

I'm unable to send out the correct redirect URI to facebook.

Actual Behavior

redirect URI sent out is http://localhost:8081/auth/facebook

Expected Behavior

redirect URI sent out should be http://localhost:8080/auth/facebook

I have checked the code in OAuth2AuthenticationService.class

In the method

protected StringBuffer getProxyHeaderAwareRequestURL(HttpServletRequest request) {
    // Host as received by this application, i.e. the name the proxy used upstream
    String host = request.getHeader("Host");
    if (StringUtils.isEmpty(host)) {
        return request.getRequestURL();
    }
    StringBuffer sb = new StringBuffer();
    String schemeHeader = request.getHeader("X-Forwarded-Proto");
    String portHeader = request.getHeader("X-Forwarded-Port");
    String scheme = StringUtils.isEmpty(schemeHeader) ? "http" : schemeHeader;
    String port = StringUtils.isEmpty(portHeader) ? "80" : portHeader;
    // Default ports are left out of the URL
    if (scheme.equals("http") && port.equals("80")) {
        port = "";
    }
    if (scheme.equals("https") && port.equals("443")) {
        port = "";
    }
    sb.append(scheme);
    sb.append("://");
    sb.append(host);
    if (StringUtils.hasLength(port)) {
        sb.append(":");
        sb.append(port);
    }
    sb.append(request.getRequestURI());
    return sb;
}

the host variable returns localhost:8081.

Instead it should take into account the X-Forwarded-Host with the following code:

String forwardedHost = request.getHeader("X-Forwarded-Host");
String host = StringUtils.isEmpty(forwardedHost) ? request.getHeader("Host") : forwardedHost;

Lastly, handling of the port in the URL should take into consideration these few points:

  1. The port if any is in the host variable.
  2. The X-Forwarded-Host OR Host (If not using Proxy) is already the final url redirected from facebook/other social platform. Therefore, there is no need to append the PORT

The below is my proposed solution:

protected StringBuffer getProxyHeaderAwareRequestURL(HttpServletRequest request) {
    // Prefer the host the client used (X-Forwarded-Host) over the one the proxy used (Host)
    String forwardedHost = request.getHeader("X-Forwarded-Host");
    String host = StringUtils.isEmpty(forwardedHost) ? request.getHeader("Host") : forwardedHost;
    if (StringUtils.isEmpty(host)) {
        return request.getRequestURL();
    }
    StringBuffer sb = new StringBuffer();
    String schemeHeader = request.getHeader("X-Forwarded-Proto");
    String scheme = StringUtils.isEmpty(schemeHeader) ? "http" : schemeHeader;
    sb.append(scheme);
    sb.append("://");
    // host already carries the port, if any, so no port is appended
    sb.append(host);
    sb.append(request.getRequestURI());
    return sb;
}

However, this still does not fully solve the problem if the proxy maps e.g. http://localhost:8080/abc to http://localhost:8081/auth.
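The following is an added example, not code from spring-social or from the issue author, showing how the proposed X-Forwarded-Host handling looks once the checks a reviewer would ask for are in place. Anything built from X-Forwarded-* ends up in the redirect_uri sent to the provider, and those headers are ordinary request headers that any client can set, so the example only honours them when the immediate peer is a known proxy, restricts the scheme to http/https, checks the resulting hostname against an allowlist, and applies the issue's rule that a port already present in the host value wins over X-Forwarded-Port. The trusted-proxy addresses, the host allowlist, the class name ForwardedUrlBuilder and the sample headers are assumptions made for the example; it takes a header lookup function instead of HttpServletRequest so it runs stand-alone (Java 11 or later).

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;

/**
 * Added example, not spring-social's code: builds the externally visible request URL from
 * X-Forwarded-* headers as the issue proposes, with the checks the issue leaves out. Assumed
 * (not from the issue): the caller knows its proxy's address(es) and its legitimate hostname(s).
 */
public final class ForwardedUrlBuilder {

    private final Set<String> trustedProxies; // remote addresses of the reverse proxies
    private final Set<String> allowedHosts;   // hostnames (without port) the app may be called as

    public ForwardedUrlBuilder(Set<String> trustedProxies, Set<String> allowedHosts) {
        this.trustedProxies = trustedProxies;
        this.allowedHosts = allowedHosts;
    }

    /**
     * @param remoteAddr  address of the immediate peer (HttpServletRequest#getRemoteAddr)
     * @param header      header lookup such as request::getHeader; null when the header is absent
     * @param requestURI  path as seen by this application (HttpServletRequest#getRequestURI)
     * @param fallbackUrl request.getRequestURL() for requests that did not come through the proxy
     */
    public String build(String remoteAddr, Function<String, String> header,
                        String requestURI, String fallbackUrl) {
        // X-Forwarded-* are ordinary request headers, so any client can send them. Honour them
        // only from a known proxy; otherwise an attacker can inject X-Forwarded-Host and have the
        // OAuth redirect_uri, and the authorization code delivered to it, point at a host they own.
        if (!trustedProxies.contains(remoteAddr)) {
            return fallbackUrl;
        }
        String scheme = first(header.apply("X-Forwarded-Proto"), "http").toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("unsupported X-Forwarded-Proto: " + scheme);
        }
        // Prefer X-Forwarded-Host (the name the browser used) over Host (the name the proxy used).
        String host = first(header.apply("X-Forwarded-Host"), header.apply("Host"));
        if (host == null || host.isEmpty()) {
            return fallbackUrl;
        }
        host = host.toLowerCase(Locale.ROOT);
        // The host value may already carry a port ("localhost:8080"); X-Forwarded-Port is consulted
        // only when it does not. Bracketed IPv6 literals ("[::1]:8080") are handled as well.
        String hostname = host;
        String port;
        int split = host.startsWith("[") ? host.indexOf("]:") + 1 : host.lastIndexOf(':');
        if (split > 0) {
            hostname = host.substring(0, split);
            port = host.substring(split + 1);
        } else {
            port = first(header.apply("X-Forwarded-Port"), "");
        }
        if (!allowedHosts.contains(hostname)) {
            throw new IllegalArgumentException("forwarded host not in allowlist: " + hostname);
        }
        if (!port.isEmpty() && !port.matches("\\d{1,5}")) {
            throw new IllegalArgumentException("bad forwarded port: " + port);
        }
        // Drop the scheme's default port so the result matches the URI registered with the provider.
        if ((scheme.equals("http") && port.equals("80")) || (scheme.equals("https") && port.equals("443"))) {
            port = "";
        }
        StringBuilder sb = new StringBuilder(scheme).append("://").append(hostname);
        if (!port.isEmpty()) {
            sb.append(':').append(port);
        }
        return sb.append(requestURI).toString();
    }

    /** First element of a comma-separated header value (chained proxies append), or the fallback. */
    private static String first(String headerValue, String fallback) {
        if (headerValue == null || headerValue.isEmpty()) {
            return fallback;
        }
        int comma = headerValue.indexOf(',');
        return (comma < 0 ? headerValue : headerValue.substring(0, comma)).trim();
    }

    public static void main(String[] args) {
        ForwardedUrlBuilder urls = new ForwardedUrlBuilder(Set.of("127.0.0.1"), Set.of("localhost"));
        // Constructed headers mirroring the issue: Zuul on :8080 forwarding to the app on :8081.
        Map<String, String> viaZuul = Map.of("Host", "localhost:8081", "X-Forwarded-Host", "localhost:8080",
                "X-Forwarded-Proto", "http", "X-Forwarded-Port", "8080");
        String fallback = "http://localhost:8081/auth/facebook";
        System.out.println(urls.build("127.0.0.1", viaZuul::get, "/auth/facebook", fallback));
        // Same headers from a peer that is not the proxy are ignored; an injected host is rejected.
        System.out.println(urls.build("198.51.100.7", viaZuul::get, "/auth/facebook", fallback));
        try {
            urls.build("127.0.0.1", Map.of("X-Forwarded-Host", "attacker.example")::get, "/auth/facebook", fallback);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With the issue's headers and a trusted peer this yields http://localhost:8080/auth/facebook, which is the expected redirect URI; the same headers from any other peer fall back to the container's own URL, and an allowlist miss is rejected rather than forwarded to the provider. Two practical notes: Spring Framework already ships org.springframework.web.filter.ForwardedHeaderFilter, which rewrites the request so that request.getRequestURL() itself reflects X-Forwarded-Host, X-Forwarded-Proto and X-Forwarded-Port, so registering that filter in front of the application is often simpler than patching the URL builder; and the path-rewriting case from the last paragraph (/abc on the proxy mapped to /auth on the application) cannot be reconstructed from headers at all, since nothing in the forwarded request says what the public path was, so that deployment needs the public base URL configured explicitly rather than derived from the request.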