diff --git a/server/handlers.go b/server/handlers.go
index f25d52f5317f1032b68f2567934ba0fabebcbf93..08004c6d0ec83a570f0b8f67d37386cb4f2624bc 100755
--- a/server/handlers.go
+++ b/server/handlers.go
@@ -523,7 +523,7 @@ func (s *Server) finalizeLogin(identity connector.Identity, authReq storage.Auth
authReq.ConnectorID, claims.Username, claims.PreferredUsername, email, claims.Groups)
// we can skip the redirect to /approval and go ahead and send code if it's not required
- if s.skipApproval || !authReq.ForceApprovalPrompt {
+ if s.skipApproval && !authReq.ForceApprovalPrompt {
return "", true, nil
}
diff --git a/server/handlers_test.go b/server/handlers_test.go
index d49e72415cabdd2c705a06bedd5cee5d7af13844..b9340c9bd5f8ab4f941c04f9e015b63765fcd641 100644
--- a/server/handlers_test.go
+++ b/server/handlers_test.go
@@ -10,7 +10,6 @@ import (
"net/http/httptest"
"net/url"
"path"
- "strings"
"testing"
"time"
@@ -339,6 +338,7 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
name string
skipApproval bool
authReq storage.AuthRequest
+ expectedRes string
}{
{
name: "Force approval",
@@ -351,6 +351,7 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
+ expectedRes: "/approval",
},
{
name: "Skip approval by server config",
@@ -363,9 +364,10 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
+ expectedRes: "/approval",
},
{
- name: "Skip approval by auth request",
+ name: "No skip",
skipApproval: false,
authReq: storage.AuthRequest{
ID: authReqID,
@@ -375,6 +377,20 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
+ expectedRes: "/approval",
+ },
+ {
+ name: "Skip approval",
+ skipApproval: true,
+ authReq: storage.AuthRequest{
+ ID: authReqID,
+ ConnectorID: connID,
+ RedirectURI: "cb",
+ Expiry: expiry,
+ ResponseTypes: resTypes,
+ ForceApprovalPrompt: false,
+ },
+ expectedRes: "/auth/mockPw/cb",
},
}
@@ -410,15 +426,11 @@ func TestHandlePasswordLoginWithSkipApproval(t *testing.T) {
require.Equal(t, 303, rr.Code)
resp := rr.Result()
- cbPath := strings.Split(resp.Header.Get("Location"), "?")[0]
- if tc.skipApproval || !tc.authReq.ForceApprovalPrompt {
- require.Equal(t, "/auth/mockPw/cb", cbPath)
- } else {
- require.Equal(t, "/approval", cbPath)
- }
+ defer resp.Body.Close()
- resp.Body.Close()
+ cb, _ := url.Parse(resp.Header.Get("Location"))
+ require.Equal(t, tc.expectedRes, cb.Path)
}
}
@@ -435,6 +447,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
name string
skipApproval bool
authReq storage.AuthRequest
+ expectedRes string
}{
{
name: "Force approval",
@@ -447,6 +460,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
+ expectedRes: "/approval",
},
{
name: "Skip approval by server config",
@@ -459,6 +473,7 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: true,
},
+ expectedRes: "/approval",
},
{
name: "Skip approval by auth request",
@@ -471,6 +486,20 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
ResponseTypes: resTypes,
ForceApprovalPrompt: false,
},
+ expectedRes: "/approval",
+ },
+ {
+ name: "Skip approval",
+ skipApproval: true,
+ authReq: storage.AuthRequest{
+ ID: authReqID,
+ ConnectorID: connID,
+ RedirectURI: "cb",
+ Expiry: expiry,
+ ResponseTypes: resTypes,
+ ForceApprovalPrompt: false,
+ },
+ expectedRes: "/callback/cb",
},
}
@@ -492,14 +521,9 @@ func TestHandleConnectorCallbackWithSkipApproval(t *testing.T) {
require.Equal(t, 303, rr.Code)
resp := rr.Result()
- cbPath := strings.Split(resp.Header.Get("Location"), "?")[0]
-
- if tc.skipApproval || !tc.authReq.ForceApprovalPrompt {
- require.Equal(t, "/callback/cb", cbPath)
- } else {
- require.Equal(t, "/approval", cbPath)
- }
+ defer resp.Body.Close()
- resp.Body.Close()
+ cb, _ := url.Parse(resp.Header.Get("Location"))
+ require.Equal(t, tc.expectedRes, cb.Path)
}
}