Merge pull request Badgerati#638 from Badgerati/develop

v2.0.2
ili101 · Dec 5, 2020 · ac4eedb · ac4eedb
2 parents 7e3fea8 + 013313c
commit ac4eedb
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 6 deletions.
diff --git a/docs/release-notes.md b/docs/release-notes.md
@@ -1,5 +1,12 @@
 # Release Notes
 
+## v2.0.2
+
+```plain
+### Bugs
+* #636: Fixes bug with OAuth2 RedirectUrl when behind IIS
+```
+
 ## v2.0.1
 
 ```plain

diff --git a/src/Private/Authentication.ps1 b/src/Private/Authentication.ps1
@@ -102,8 +102,9 @@ function Get-PodeAuthOAuth2Type
 
             # otherwise, set query for auth_code
             else {
+                $redirectUrl = Get-PodeOAuth2RedirectHost -RedirectUrl $options.Urls.Redirect
                 $body += "&code=$($WebEvent.Query['code'])"
-                $body += "&redirect_uri=$([System.Web.HttpUtility]::UrlEncode($options.Urls.Redirect))"
+                $body += "&redirect_uri=$([System.Web.HttpUtility]::UrlEncode($redirectUrl))"
             }
 
             # POST the tokenUrl
@@ -149,9 +150,11 @@ function Get-PodeAuthOAuth2Type
 
         # redirect to the authUrl - only if no inner scheme supplied
         if (!$hasInnerScheme) {
+            $redirectUrl = Get-PodeOAuth2RedirectHost -RedirectUrl $options.Urls.Redirect
+
             $query = "client_id=$($options.Client.ID)"
             $query += "&response_type=code"
-            $query += "&redirect_uri=$([System.Web.HttpUtility]::UrlEncode($options.Urls.Redirect))"
+            $query += "&redirect_uri=$([System.Web.HttpUtility]::UrlEncode($redirectUrl))"
             $query += "&response_mode=query"
             $query += "&scope=$([System.Web.HttpUtility]::UrlEncode($scopes))"
 
@@ -164,6 +167,33 @@ function Get-PodeAuthOAuth2Type
     }
 }
 
+function Get-PodeOAuth2RedirectHost
+{
+    param(
+        [Parameter()]
+        [string]
+        $RedirectUrl
+    )
+
+    if ($RedirectUrl.StartsWith('/')) {
+        if ($PodeContext.Server.IsIIS -or $PodeContext.Server.IsHeroku) {
+            $protocol = Get-PodeHeader -Name 'X-Forwarded-Proto'
+            if ([string]::IsNullOrWhiteSpace($protocol)) {
+                $protocol = 'https'
+            }
+
+            $domain = "$($protocol)://$($WebEvent.Request.Host)"
+        }
+        else {
+            $domain = Get-PodeEndpointUrl
+        }
+
+        $RedirectUrl = "$($domain.TrimEnd('/'))$($RedirectUrl)"
+    }
+
+    return $RedirectUrl
+}
+
 function Get-PodeAuthClientCertificateType
 {
     return {

diff --git a/src/Public/Authentication.ps1 b/src/Public/Authentication.ps1
@@ -536,10 +536,9 @@ function Add-PodeAuth
 
     # if the scheme is oauth2, and there's no redirect, set up a default one
     if (($Scheme.Name -ieq 'oauth2') -and ($null -eq $Scheme.InnerScheme)  -and [string]::IsNullOrWhiteSpace($Scheme.Arguments.Urls.Redirect)) {
-        $url = Get-PodeEndpointUrl
-        $path = 'oauth2/callback'
-        $Scheme.Arguments.Urls.Redirect = "$($url)$($path)"
-        Add-PodeRoute -Method Get -Path "/$($path)" -Authentication $Name
+        $path = '/oauth2/callback'
+        $Scheme.Arguments.Urls.Redirect = $path
+        Add-PodeRoute -Method Get -Path $path -Authentication $Name
     }
 }