Added check to see if the location is login for blockredir filter

Will remove location if the location is for login to let the UI trigger a login event.

Added check to see if the location is login for blockredir filter
Will remove location if the location is for login to let the UI trigger a login event.
a4206921 · Martin Lowe · Martin Lowe · 449e5aec · a4206921 · a4206921
Commit a4206921 authored Jul 20, 2021 by Martin Lowe 🇨🇦 Committed by Martin Lowe Jul 26, 2021
--- a/pom.xml
+++ b/pom.xml
@@ -65,10 +65,6 @@
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-oidc</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>io.quarkus</groupId>
-			<artifactId>quarkus-undertow</artifactId>
-		</dependency>
 		<dependency>
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-rest-client</artifactId>

--- a/src/main/java/org/eclipsefoundation/react/response/BlockRedirectResponseFilter.java
+++ b/src/main/java/org/eclipsefoundation/react/response/BlockRedirectResponseFilter.java
@@ -4,21 +4,29 @@ import java.io.IOException;
 import java.util.List;

 import javax.enterprise.inject.Instance;
+import javax.ws.rs.ConstrainedTo;
+import javax.ws.rs.RuntimeType;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerResponseContext;
 import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.ext.Provider;

 import org.eclipse.microprofile.config.inject.ConfigProperty;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

+import io.vertx.core.http.HttpServerResponse;
+
 /**
- * Stops redirects from base Quarkus impl unless they are under given paths (based on regex expressions).
+ * Stops redirects from base Quarkus impl unless they are under given paths (based on regex expressions). This does not
+ * work with multi-tenant OIDC, and may need some upgrades to work with that should it be used.
 * 
 * @author Martin Lowe
 */
 @Provider
+@ConstrainedTo(RuntimeType.CLIENT)
 public class BlockRedirectResponseFilter implements ContainerResponseFilter {
    public static final Logger LOGGER = LoggerFactory.getLogger(BlockRedirectResponseFilter.class);

@@ -29,13 +37,29 @@ public class BlockRedirectResponseFilter implements ContainerResponseFilter {
    @ConfigProperty(name = "eclipse.http.redirect-block.code", defaultValue = "499")
    Instance<Integer> returnCode;

+    @ConfigProperty(name = "quarkus.oidc.auth-server-url")
+    Instance<String> authServerURL;
+
+    @Context
+    HttpServerResponse response;
+
    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
            throws IOException {
        // only act on filter data if filter is enabled, is a redirect, and falls under specified paths
        if (Boolean.TRUE.equals(enabled.get()) && Math.floorDiv(responseContext.getStatus(), 100) == 3
                && doesPathMatchIgnorePattern(requestContext.getUriInfo().getPath())) {
-            responseContext.setStatus(returnCode.get());
+            // if the URL is leading to the auth server, then return unauthorized
+            if (responseContext.getLocation() != null
+                    && responseContext.getLocation().toString().startsWith(authServerURL.get())) {
+                // change the response type
+                responseContext.setStatus(Status.UNAUTHORIZED.getStatusCode());
+                // remove the redirect location header
+                responseContext.getHeaders().remove("Location");
+
+            } else {
+                responseContext.setStatus(returnCode.get());
+            }
        }
    }