use request.url instead of base_url

2025-12-31 02:29:38 -06:00 · 2025-03-16 21:19:18 +01:00
parent acf489f471
commit bcdcdc42d4
2 changed files with 14 additions and 5 deletions
--- a/.env.local
+++ b/.env.local
@@ -1,3 +1,4 @@
 ABR_APP__CONFIG_DIR=config # Path to the config directory. Default: /config
 ABR_APP__DEBUG=true # Default: false
 ABR_APP__OPENAPI_ENABLED=true # Default: false
+ABR_APP__LOG_LEVEL=DEBUG
--- a/app/routers/auth.py
+++ b/app/routers/auth.py
@@ -1,8 +1,9 @@
 import base64
+import logging
 import secrets
 import time
 from typing import Annotated, Optional
-from urllib.parse import urlencode
+from urllib.parse import urlencode, urljoin

 from aiohttp import ClientSession
 from fastapi import APIRouter, Depends, Form, HTTPException, Request, Response, status
@@ -27,6 +28,8 @@ from app.util.toast import ToastException

 router = APIRouter(prefix="/auth")

+logger = logging.getLogger(__name__)
+

@router.get("/login")
 async def login(
@@ -57,11 +60,16 @@ async def login(
        if not client_id:
            raise InvalidOIDCConfiguration("Missing OIDC client ID")

-        base_url = str(request.base_url).rstrip("/")
+        auth_redirect_uri = urljoin(str(request.url), "/auth/oidc")
+
+        logger.info(f"Redirecting to OIDC login: {authorize_endpoint}")
+        logger.info(f"Redirect URI: {auth_redirect_uri}")
+        logger.debug(f"{request.url.is_secure = }")
+
        params = {
            "response_type": "code",
            "client_id": client_id,
-            "redirect_uri": f"{base_url}/auth/oidc",
+            "redirect_uri": auth_redirect_uri,
            "scope": scope,
            "state": redirect_uri,
        }
@@ -147,14 +155,14 @@ async def login_oidc(
    if not username_claim:
        raise InvalidOIDCConfiguration("Missing OIDC username claim")

-    base_url = str(request.base_url).rstrip("/")
+    auth_redirect_uri = urljoin(str(request.url), "/auth/oidc")

    data = {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
-        "redirect_uri": f"{base_url}/auth/oidc",
+        "redirect_uri": auth_redirect_uri,
    }
    async with client_session.post(
        token_endpoint,