fix: handle GET requests only in auth handlerfuncs

tommytroen · ybelMekk · tronghn · tommytroen · commit f5451066bc34 · 2024-03-22T09:44:15.000+01:00
* we receive an OPTIONS request (chrome) first which ends the authflow if we do not separate GET and OPTIONS * https://issues.chromium.org/issues/330594669 Co-authored-by: ybelmekk <youssef.bel.mekki@nav.no> Co-authored-by: tronghn <trong.huu.nguyen@nav.no> Co-authored-by: christeredvartsen <christer.edvartsen@nav.no>
diff --git a/internal/device-agent/auth/azure.go b/internal/device-agent/auth/azure.go
@@ -28,10 +28,7 @@ func handleRedirectAzure(state string, conf oauth2.Config, codeVerifier *codever
 			return
 		}
 
-		// We used to use r.Context() here, but a Google Chrome update broke that.
-		// It seems that Chrome closes the HTTP connection prematurely, because the context
-		// is at this point already canceled.
-		ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(30*time.Second))
+		ctx, cancel := context.WithDeadline(r.Context(), time.Now().Add(30*time.Second))
 		defer cancel()
 
 		codeVerifierParam := oauth2.SetAuthURLParam("code_verifier", codeVerifier.String())
diff --git a/internal/device-agent/auth/common.go b/internal/device-agent/auth/common.go
@@ -45,8 +45,8 @@ func GetDeviceAgentToken(ctx context.Context, log logrus.FieldLogger, conf oauth
 
 	handler := http.NewServeMux()
 	// define a handler that will get the authorization code, call the authFlowResponse endpoint, and close the HTTP server
-	handler.HandleFunc("/", handleRedirectAzure(state, conf, codeVerifier, authFlowChan))
-	handler.HandleFunc("/google", handleRedirectGoogle(state, conf.RedirectURL, codeVerifier, authFlowChan, authServer))
+	handler.HandleFunc("GET /", handleRedirectAzure(state, conf, codeVerifier, authFlowChan))
+	handler.HandleFunc("GET /google", handleRedirectGoogle(state, conf.RedirectURL, codeVerifier, authFlowChan, authServer))
 
 	server := &http.Server{Handler: handler}
 	go server.Serve(listener)
diff --git a/internal/device-agent/auth/google.go b/internal/device-agent/auth/google.go
@@ -38,10 +38,7 @@ func handleRedirectGoogle(state, redirectURI string, codeVerifier *codeverifier.
 			return
 		}
 
-		// We used to use r.Context() here, but a Google Chrome update broke that.
-		// It seems that Chrome closes the HTTP connection prematurely, because the context
-		// is at this point already canceled.
-		ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
+		ctx, cancel := context.WithDeadline(r.Context(), time.Now().Add(10*time.Second))
 		defer cancel()
 
 		exchangeRequest := ExchangeRequest{
