canonical / kratos-operator

Charmed Ory Kratos
https://charmhub.io/kratos
Apache License 2.0

Requested return_to url is rejected. #175

Closed bencekov closed 7 months ago

bencekov commented 7 months ago

Bug Description

The pattern https://<proxy-url>/* set in allowed_return_urls doesn't match the requested return_url https://<proxy-url>/<juju-model>-<juju-application>.

To Reproduce

  1. Clone the identity-platform bundle repository
  2. Change kratos release to 388 or older
  3. Run the integration test with tox -e integration --recreate (to keep the model, add the --keep-models flag)

Environment

It's an issue with Kratos charm revision 388 or older.

Relevant log output

Kratos:

{"audience": "application", "error": {"debug": "Allowed domains are: [{https   192.168.100.12 /* /* false false   } {https   192.168.100.12 /test-bundle-zcki-kratos/self-service  false false   }]", "message": "The request was malformed or contained invalid parameters", "reason": "Requested return_to URL \"https://192.168.100.12/test-bundle-zcki-identity-platform-login-ui-operator/ui/login?login_challenge=06ceb677cb9548509390052f0559953b\" is not allowed.", "status": "Bad Request", "status_code": 400},...}

Additional context

No response

shipperizer commented 7 months ago

@bencekov the issue is with the * in the allowed_url; that literally breaks everything due to https://github.com/ory/kratos/blob/bbf874fd7f7c6e5d51b11f39d989a17039a6e955/x/http_secure_redirect.go#L131-L142

The coalesce from stringx doesn't recognize regexp patterns, so we need to simply put a final / and it will be treated as a prefix by default.
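
The matching rule described in the comment above, as an added, runnable illustration that is not the kratos-operator charm's code nor a copy of Kratos's own http_secure_redirect.go: each allowlist entry is parsed as a URL, the scheme and host must match (with a leading "*" in the host acting as a suffix wildcard), and the allowed path is used as a plain string prefix of the return_to path, with an empty path coalesced to "/". The function names (ReturnToAllowed, hostAllowed, coalesce) are this example's own, the coalesce helper is a local stand-in rather than the ory/x stringsx one, and the sample URLs are constructed from the values in the log output of the issue. The cases go slightly beyond the issue itself by also exercising the wildcard-host form.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// coalesce returns the first non-empty string. This is a local stand-in
// (assumption) for the stringsx Coalesce helper mentioned in the comment:
// it only picks a default, it does not interpret globs or regexps.
func coalesce(values ...string) string {
	for _, v := range values {
		if v != "" {
			return v
		}
	}
	return ""
}

// hostAllowed compares hosts case-insensitively. An allowed host that starts
// with "*" (e.g. "*.example.com") matches any host ending in the remainder
// (".example.com"), so "evilexample.com" does not match.
func hostAllowed(returnTo, allowed *url.URL) bool {
	if allowed.Host != "" && strings.HasPrefix(allowed.Host, "*") {
		return strings.HasSuffix(strings.ToLower(returnTo.Host), strings.ToLower(allowed.Host)[1:])
	}
	return strings.EqualFold(allowed.Host, returnTo.Host)
}

// ReturnToAllowed reports whether returnTo is covered by at least one entry
// of allowlist. The path check is strings.HasPrefix on the raw path: the
// allowed path is neither a glob nor a regexp, so an entry ending in "/*"
// only matches paths that literally start with "/*".
func ReturnToAllowed(returnTo string, allowlist []string) (bool, error) {
	rt, err := url.Parse(returnTo)
	if err != nil {
		return false, fmt.Errorf("invalid return_to %q: %w", returnTo, err)
	}
	for _, raw := range allowlist {
		allowed, err := url.Parse(raw)
		if err != nil {
			return false, fmt.Errorf("invalid allowlist entry %q: %w", raw, err)
		}
		if strings.EqualFold(allowed.Scheme, rt.Scheme) &&
			hostAllowed(rt, allowed) &&
			strings.HasPrefix(coalesce(rt.Path, "/"), coalesce(allowed.Path, "/")) {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed input, taken from the rejected return_to in the log above.
	returnTo := "https://192.168.100.12/test-bundle-zcki-identity-platform-login-ui-operator/ui/login?login_challenge=06ceb677cb9548509390052f0559953b"

	cases := []struct {
		name      string
		allowlist []string
	}{
		{"path /* as in the bug report", []string{"https://192.168.100.12/*"}},
		{"trailing slash, the suggested fix", []string{"https://192.168.100.12/"}},
		{"bare origin, empty path coalesced to /", []string{"https://192.168.100.12"}},
		{"same host, wrong scheme", []string{"http://192.168.100.12/"}},
		{"self-service prefix only", []string{"https://192.168.100.12/test-bundle-zcki-kratos/self-service"}},
	}
	for _, c := range cases {
		ok, err := ReturnToAllowed(returnTo, c.allowlist)
		fmt.Printf("%-42s allowed=%v err=%v\n", c.name, ok, err)
	}
}
```

Two consequences worth keeping in mind when choosing the allowlist entry. First, the trailing-slash fix works because "/" is a prefix of every path, so https://<proxy-url>/ admits any path on that host, exactly as a bare https://<proxy-url> does after the empty path is coalesced to "/"; if only the login UI should be a valid return_to, list its path prefix instead. Second, a prefix check is not segment-aware: under this rule an entry ending in /ui would also admit /ui-admin, so end prefixes with a slash where that matters.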

syncronize-issues-to-jira[bot] commented 7 months ago

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-615.

This message was autogenerated