Skip to content

handle public edge component URL in settings #2118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wojcik91 merged 18 commits into from
Feb 25, 2026
Merged

handle public edge component URL in settings #2118

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
e521658
fix capitalization
wojcik91 Feb 23, 2026
5a59e84
handle proxy URL in general settings page
wojcik91 Feb 23, 2026
3e2dec7
update protos
wojcik91 Feb 24, 2026
2e34e77
add method for generating edge callback URL
wojcik91 Feb 24, 2026
80e43b7
update auth info grpc handler
wojcik91 Feb 24, 2026
7c29375
update desktop MFA handler
wojcik91 Feb 24, 2026
c530fb9
update auth callback handler
wojcik91 Feb 24, 2026
1dad407
Merge branch 'dev' into edit_edge_public_url
wojcik91 Feb 24, 2026
e80b183
use a simpler conversion
wojcik91 Feb 24, 2026
1692a84
add session duration to settings page
wojcik91 Feb 24, 2026
494093f
Merge branch 'dev' into edit_edge_public_url
wojcik91 Feb 24, 2026
f11ecce
Revert "use a simpler conversion"
wojcik91 Feb 24, 2026
4f4292d
remove redundant label
wojcik91 Feb 24, 2026
01f9185
add translation
wojcik91 Feb 24, 2026
909dcfe
formatting
wojcik91 Feb 24, 2026
746820e
Merge branch 'dev' into edit_edge_public_url
wojcik91 Feb 25, 2026
ea48271
update protos
wojcik91 Feb 25, 2026
c1d431b
update dependencies
wojcik91 Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 29 additions & 29 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

46 changes: 45 additions & 1 deletion crates/defguard_common/src/db/models/settings.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ use url::Url;
use utoipa::ToSchema;
use uuid::Uuid;

use crate::{db::Id, global_value, secret::SecretStringWrapper};
use crate::{db::Id, global_value, secret::SecretStringWrapper, types::AuthFlowType};

global_value!(SETTINGS, Option<Settings>, None, set_settings, get_settings);

Expand Down Expand Up @@ -529,6 +529,19 @@ impl Settings {
pub fn proxy_public_url(&self) -> Result<Url, url::ParseError> {
Url::parse(&self.public_proxy_url)
}

/// Returns configured Edge Component URL with the correct callback path appended depending on auth flow type.
pub fn edge_callback_url(&self, auth_flow_type: AuthFlowType) -> Result<Url, url::ParseError> {
let mut url = self.proxy_public_url()?;
// Append callback segments to the URL.
if let Ok(mut path_segments) = url.path_segments_mut() {
match auth_flow_type {
AuthFlowType::Enrollment => path_segments.extend(&["openid", "callback"]),
AuthFlowType::Mfa => path_segments.extend(&["openid", "mfa", "callback"]),
};
}
Ok(url)
}
}

#[derive(Serialize)]
Expand Down Expand Up @@ -676,4 +689,35 @@ mod test {
"https://defguard.example.com:8443/path/auth/callback"
);
}

#[test]
fn test_edge_callback_url() {
let mut s = Settings {
public_proxy_url: "https://edge.example.com".into(),
..Default::default()
};

assert_eq!(
s.edge_callback_url(AuthFlowType::Enrollment)
.unwrap()
.as_str(),
"https://edge.example.com/openid/callback"
);
assert_eq!(
s.edge_callback_url(AuthFlowType::Mfa).unwrap().as_str(),
"https://edge.example.com/openid/mfa/callback"
);

s.public_proxy_url = "https://edge.example.com:8443/path".into();
assert_eq!(
s.edge_callback_url(AuthFlowType::Enrollment)
.unwrap()
.as_str(),
"https://edge.example.com:8443/path/openid/callback"
);
assert_eq!(
s.edge_callback_url(AuthFlowType::Mfa).unwrap().as_str(),
"https://edge.example.com:8443/path/openid/mfa/callback"
);
}
}
6 changes: 6 additions & 0 deletions crates/defguard_common/src/types/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,9 @@ pub mod proxy;
pub mod user_info;

pub type UrlParseError = url::ParseError;

#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum AuthFlowType {
Enrollment,
Mfa,
}
14 changes: 8 additions & 6 deletions crates/defguard_core/src/enterprise/grpc/desktop_client_mfa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use defguard_common::{db::models::Settings, types::AuthFlowType};
use defguard_proto::proxy::{ClientMfaOidcAuthenticateRequest, DeviceInfo, MfaMethod};
use openidconnect::{AuthorizationCode, Nonce};
use reqwest::Url;
use tonic::Status;

use crate::{
Expand Down Expand Up @@ -84,10 +84,12 @@ impl ClientMfaServer {
);

let code = AuthorizationCode::new(request.code.clone());
let url = match Url::parse(&request.callback_url).map_err(|err| {
error!("Invalid redirect URL provided: {err}");
Status::invalid_argument("invalid redirect URL")
}) {
let url = match Settings::get_current_settings()
.edge_callback_url(AuthFlowType::Mfa)
.map_err(|err| {
error!("Invalid callback URL configuration: {err}");
Status::invalid_argument("invalid callback URL")
}) {
Ok(url) => url,
Err(status) => {
self.sessions
Expand All @@ -101,7 +103,7 @@ impl ClientMfaServer {
location: location.clone(),
device: device.clone(),
method,
message: "provided invalid redirect URL".to_string(),
message: "provided invalid callback URL".to_string(),
},
)),
})?;
Expand Down
Loading
Loading