From 9a79bab43d8786f28c7706febde954c5003727d6 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Fri, 10 Sep 2021 16:19:29 +0200
Subject: [PATCH] outposts/proxy: fix redirect URL error due to callback url
 not being joined correctly

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 internal/outpost/proxyv2/application/application.go |  3 +--
 internal/outpost/proxyv2/application/utils.go       | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/internal/outpost/proxyv2/application/application.go b/internal/outpost/proxyv2/application/application.go
index c025e9b44..094eceaf0 100644
--- a/internal/outpost/proxyv2/application/application.go
+++ b/internal/outpost/proxyv2/application/application.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/tls"
 	"encoding/gob"
-	"fmt"
 	"net/http"
 	"net/url"
 	"regexp"
@@ -70,7 +69,7 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, cs *ak.CryptoStore
 	oauth2Config := oauth2.Config{
 		ClientID:     *p.ClientId,
 		ClientSecret: *p.ClientSecret,
-		RedirectURL:  fmt.Sprintf("%s/akprox/callback", p.ExternalHost),
+		RedirectURL:  urlJoin(p.ExternalHost, "/akprox/callback"),
 		Endpoint:     endpoint.Endpoint,
 		Scopes:       []string{oidc.ScopeOpenID, "profile", "email", "ak_proxy"},
 	}
diff --git a/internal/outpost/proxyv2/application/utils.go b/internal/outpost/proxyv2/application/utils.go
index f5b493296..019432d5c 100644
--- a/internal/outpost/proxyv2/application/utils.go
+++ b/internal/outpost/proxyv2/application/utils.go
@@ -3,13 +3,24 @@ package application
 import (
 	"fmt"
 	"net/http"
+	"net/url"
+	"path"
 	"strconv"
 
 	"goauthentik.io/internal/outpost/proxyv2/constants"
 )
 
+func urlJoin(originalUrl string, newPath string) string {
+	u, err := url.Parse(originalUrl)
+	if err != nil {
+		return originalUrl
+	}
+	u.Path = path.Join(u.Path, newPath)
+	return u.String()
+}
+
 func (a *Application) redirectToStart(rw http.ResponseWriter, r *http.Request) {
-	authUrl := fmt.Sprintf("%s/akprox/start", a.proxyConfig.ExternalHost)
+	authUrl := urlJoin(a.proxyConfig.ExternalHost, "/akprox/start")
 	http.Redirect(rw, r, authUrl, http.StatusFound)
 }