Unable to overwrite Dataporten `redirect_url`

devilry / trix2

Next generation Trix. Detailed task control and statistics app for better learning outcome.

BSD 3-Clause "New" or "Revised" License

2 stars 3 forks source link

Unable to overwrite Dataporten `redirect_url` #110

Closed torgeirl closed 1 year ago

torgeirl commented 1 year ago

The implementation of federated authentication (#88) seems to assume the hostname will be part of the login provider's redirect_url, but that isn't necessarily the case. When attempting to use Dataporten in a Kubernetes cluster, the redirect_url gets set to http://<route.spec.host>/authenticate/allauth/dataporten/login/callback/ instead of https://<URL>/authenticate/allauth/dataporten/login/callback/.

Some way of changing LOGIN_REDIRECT_URL or option in settings.py to overwrite it seems to be a solution.

torgeirl commented 1 year ago

@Levijatan: we have uncovered that the cluster's loadbalancer is overwriting our application's set-header directives. I'll give another update once our request to update the loadbalancer config has been met, hopefully that will solve the issue in our end.

Levijatan commented 1 year ago

@torgeirl It seems that would create the problem, it looks like django tries to use 'HTTP_HOST' in META of the request to build the absolute url. One possible solution is to have the loadbalancer forward X-Forwarded headers and set USE_X_FORWARDED_HOST = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') in the django settings. This allowes django to use 'HTTP_X_FORWARDED_HOST' instead of 'HTTP_HOST'

torgeirl commented 1 year ago

@Levijatan: had to adjust a few other things first, but your suggestion solved our issue! :tada: