fix(plugin): prevent relative redirects being resolved by Terminus-pl…

…ugin (#14)
Strobotti · May 21, 2024 · ed465a8 · ed465a8
1 parent ff6e1e6
commit ed465a8
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -15,6 +15,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           persist-credentials: false
+          fetch-depth: 0
 
       - name: Install Go
         uses: actions/setup-go@v5

diff --git a/plugins/terminus/terminus.go b/plugins/terminus/terminus.go
@@ -88,6 +88,14 @@ func (p *terminus) ModifyUrl(url string) string {
 			break
 		}
 
+		// if the location is a relative path, we assume it's due to a missing authentication and just return the original URL
+		if location[0] == '/' {
+			p.serviceProvider.GetLogger().Warn(
+				fmt.Sprintf("location is just a path for %s", newUrl), "location", location, "plugin", "terminus",
+			)
+			break
+		}
+
 		p.serviceProvider.GetLogger().Debug(
 			fmt.Sprintf("following a redirect for %s", newUrl), "location", location, "plugin", "terminus",
 		)

diff --git a/plugins/terminus/terminus_test.go b/plugins/terminus/terminus_test.go
@@ -79,6 +79,17 @@ func TestTerminus_ModifyUrl(t *testing.T) {
 				"https://www7.example.com/some/thing?here=again": http.StatusMultipleChoices,
 			},
 		},
+		{
+			name:        "location is a relative path",
+			inputUrl:    "https://www.example.com/some/thing?here=again",
+			expectedUrl: "https://www.example.com/some/thing?here=again",
+			locations: map[string]string{
+				"https://www.example.com/some/thing?here=again": "/some/other/thing?here=again",
+			},
+			responseCodes: map[string]int{
+				"https://www.example.com/some/thing?here=again": http.StatusMultipleChoices,
+			},
+		},
 	} {
 		t.Run(
 			tt.name, func(t *testing.T) {