fix: recovery with OAuth2 and 2FA #3834
Conversation
| @@ -341,7 +341,7 @@ func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, request | |||
| return nil | |||
| } | |||
|
|
|||
| loginURL := urlx.CopyWithQuery(urlx.AppendPaths(s.r.Config().SelfPublicURL(ctx), "/self-service/login/browser"), url.Values{"aal": {"aal2"}}) | |||
| loginURL := &url.URL{Path: "/self-service/login/browser", RawQuery: "aal=aal2"} | |||
There was a problem hiding this comment.
I don't see the difference to be honest?
There was a problem hiding this comment.
If the idea is to not use the domain, then this won't work because the public url might have a path prefix
There was a problem hiding this comment.
The bug I want to fix is that if Kratos runs on multiple domains / CNAMEs, redirecting to the public URL will cause the user to end up on a different domain than he started on.
If we redirect without a host, the current host will continue to be used.
There was a problem hiding this comment.
If the idea is to not use the domain, then this won't work because the public url might have a path prefix
OK, so then we can just extract the path prefix from the public URL?
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3834 +/- ##
==========================================
+ Coverage 77.95% 78.01% +0.06%
==========================================
Files 358 358
Lines 25165 25165
==========================================
+ Hits 19617 19633 +16
+ Misses 4041 4026 -15
+ Partials 1507 1506 -1 ☔ View full report in Codecov by Sentry. |
|
This is not the fix I was looking for. |
Related issue(s)
https://github.com/ory-corp/cloud/issues/6066
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
[email protected]) from the maintainers to push
the changes.
works.
Further Comments