famedly / uia-proxy

GNU Affero General Public License v3.0

UIA proxy should not prepend the IDP ID for localparts #32

Closed famedly-bot closed 1 year ago

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Sep 15, 2022, 09:07

When the config specifies a subject claim, the resulting localpart is idp-id/subject_claim, rather than the expected subject claim.

Sep-15 07:05:03.331 [OpenID] debug: Callback for session lQge9FcDhFWHmwGD63hhgPbG1OysV2AN5DB8D4_Ou70 successful
Sep-15 07:05:03.331 [OpenID] debug: Displayname set by provider as Dr. Anissa Tremblay
Sep-15 07:05:03.332 [OpenID] debug: Redirecting client to https://curamenta-portal.dev01.k8s.x-tention.com/callback.html?loginToken=<token>
Sep-15 07:05:03.382 [OpenID] info: Initializing new OpenID code login flow with id kQ6cInaL3UQ6J6dX6MHqgasVg9n6IZqVNy_PkX2H2Mc
Sep-15 07:05:03.384 [OpenID] debug: redirecting session kQ6cInaL3UQ6J6dX6MHqgasVg9n6IZqVNy_PkX2H2Mc to https://member-account-facade.dev01.k8s.x-tention.com/member-account-facade/oauth/authorize?prompt=none&client_id=famedly-23fg51a&scope=openid%20profile%20user%2FMessaging%20patient%2FMessaging&response_type=code&redirect_uri=https%3A%2F%2Fone.messaging.dev01.k8s.x-tention.com%2F_synapse%2Fclient%2Foidc%2Fcallback&state=kQ6cInaL3UQ6J6dX6MHqgasVg9n6IZqVNy_PkX2H2Mc
Sep-15 07:05:03.405 [StageHandler (login)] info: Handling GET endpoint...
Sep-15 07:05:03.631 [OpenID] info: Received callback for OpenID login session kQ6cInaL3UQ6J6dX6MHqgasVg9n6IZqVNy_PkX2H2Mc
Sep-15 07:05:03.838 [OpenID] debug: Callback for session kQ6cInaL3UQ6J6dX6MHqgasVg9n6IZqVNy_PkX2H2Mc successful
Sep-15 07:05:03.840 [OpenID] debug: Displayname set by provider as Dr. Anissa Tremblay
Sep-15 07:05:03.842 [OpenID] debug: Redirecting client to https://curamenta-portal.dev01.k8s.x-tention.com/callback.html?loginToken=<token>
Sep-15 07:05:04.497 [StageHandler (login)] info: Handling GET endpoint...
Sep-15 07:05:05.512 [Webserver] debug: Creating new session
Sep-15 07:05:05.517 [StageHandler (login)] info: Got request
Sep-15 07:05:05.517 [StageHandler (login)] info: Requesting stage m.login.sso...
Sep-15 07:05:05.517 [StageHandler (login)] debug: Next acceptable stages: [object Set Iterator]
Sep-15 07:05:05.518 [StageHandler (login)] info: Stage is valid
Sep-15 07:05:05.518 [UsernameMapper] verbose: Converting username=oidc-xt_dev01/2e994476-6521-4bdf-a8d9-13654a3ed20f with persistentId=undefined to localpart using mode=plain
Sep-15 07:05:05.518 [StageHandler (login)] info: Stage got completed
Sep-15 07:05:05.523 [StageHandler (login)] info: Successfully identified, passing on request!
Sep-15 07:05:05.523 [Api] info: Received login request
Sep-15 07:05:05.523 [Api] verbose: Session seems valid, attempting login with matrix server...
Sep-15 07:05:05.523 [Api] verbose: Generating token for oidc-xt_dev01/2e994476-6521-4bdf-a8d9-13654a3ed20f...
Sep-15 07:05:05.603 [Api] info: Successfully logged in!
Sep-15 07:05:05.603 [Api] verbose: Checking if name should be updated
Sep-15 07:05:05.626 [Api] error: Couldn't reach matrix server! HTTPError: Response code 400 (Bad Request)
    at Request.<anonymous> (/opt/uia-proxy/node_modules/got/dist/source/as-promise/index.js:117:42)
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  code: 'ERR_NON_2XX_3XX_RESPONSE',
  timings: {
    start: 1663225505605,
    socket: 1663225505609,
    lookup: 1663225505610,
    connect: 1663225505610,
    secureConnect: undefined,
    upload: 1663225505614,
    response: 1663225505617,
    end: 1663225505621,
    error: undefined,
    abort: undefined,
    phases: {
      wait: 4,
      dns: 1,
      tcp: 0,
      tls: undefined,
      request: 4,
      firstByte: 3,
      download: 4,
      total: 16
    }
  }
}
famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Sep 15, 2022, 09:10

And this likely causes the 400 Bad request here: https://gitlab.com/famedly/company/backend/services/uia-proxy/-/blob/main/src/api.ts#L78 as the slash forms a bad URL which in turn forms a bad request

famedly-bot commented 2 years ago

In GitLab by @jdreichmann on Sep 15, 2022, 09:28

This all starts with https://gitlab.com/famedly/company/backend/services/uia-proxy/-/blob/main/src/stages/stage_com.famedly.login.sso.ts#L274