Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code is posting form back to url specified in configuration, not to the url you are on #37

Open
ericdbarry opened this issue Jul 28, 2019 · 0 comments
Open

Code is posting form back to url specified in configuration, not to the url you are on #37

ericdbarry opened this issue Jul 28, 2019 · 0 comments

Comments

@ericdbarry
Copy link

ericdbarry commented Jul 28, 2019
edited

We have a SAML flow that starts with a landing URL that sets some specific session metadata and then re-routes you to the real login form. This is causing issues, specifically with the code in the method: GenericFormsBasedAuthenticator._retrieve_login_form_from_endpoint(endpoint, verify=True)

        response = self._requests_session.get(endpoint, verify=True)
        ....
        form_action = urljoin(endpoint,
                              login_form_html_node.attrib.get('action', ''))

The above code assumes that the page you visited initially is the same URL you are currently on, which is not always true. Regardless, the HTML spec is pretty specific: https://www.w3.org/TR/html52/sec-forms.html#form-submission-algorithm

  1. If action is the empty string, let action be the document’s URL of the form document.

Naively I just replaced the endpoint with response.url and it worked as expected. but I haven't pored through the rest of the code to see if this would affect another place (like, session management?)
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
@ericdbarry
awslabs#37 Fixing incorrect endpoint for posting the form data.
384a5ac
@ericdbarry ericdbarry mentioned this issue Jul 29, 2019
Open
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
@ericdbarry
Merge pull request #4 from ericdbarry/bugfix/#37_posting_url_not_correct
474b85b 
awslabs#37 Fixing incorrect endpoint for posting the form data.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 29, 2019
@ericdbarry
Revert "awslabs#37 Fixing incorrect endpoint for posting the form data."
0d32b2f
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Jul 30, 2019
@ericdbarry
Merge pull request #8 from ericdbarry/bugfix/#37_posting_url_not_correct
3cc3756 
awslabs#37 Fixing incorrect endpoint for posting the form data.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Aug 2, 2019
@ericdbarry
awslabs#37 - fixing tests and adding in two new ones to deal with act…
46d6b16 
…ion posting and landing page redirects.
ericdbarry added a commit to ericdbarry/awsprocesscreds that referenced this issue Aug 2, 2019
@ericdbarry
Merge pull request #9 from ericdbarry/bugfix/#37_posting_url_not_correct
cf4abb9 
awslabs#37 - fixing tests and adding in two new ones to deal with action pos…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericdbarry