From 490da0cdc2b4fec09dd332d7c93ccbda5aacf941 Mon Sep 17 00:00:00 2001
From: Mateusz Filipowicz
Date: Sat, 5 Mar 2022 20:24:53 +0100
Subject: [PATCH] fix(security): base URL of oauth2 URI was hardcoded as localhost, thus it was not possible to use proxy/custom domain. Switched to using redirect URI templating fixing the problem.
---
 .../security/configuration/ClientRegistrationRegistrar.kt | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/ambassador-application/src/main/kotlin/com/roche/ambassador/security/configuration/ClientRegistrationRegistrar.kt b/ambassador-application/src/main/kotlin/com/roche/ambassador/security/configuration/ClientRegistrationRegistrar.kt
index 44dc3db5..618041b4 100644
--- a/ambassador-application/src/main/kotlin/com/roche/ambassador/security/configuration/ClientRegistrationRegistrar.kt
+++ b/ambassador-application/src/main/kotlin/com/roche/ambassador/security/configuration/ClientRegistrationRegistrar.kt
@@ -29,15 +29,19 @@ internal class ClientRegistrationRegistrar(private val projectSourcesProperties:
 if (clientRegistrations.isEmpty()) {
 throw IllegalStateException("No valid client registration")
 }
- log.info("Registered OAuth2 clients: {}", clientRegistrations.joinToString { it.clientName })
+ log.info("Registered OAuth2 clients: {}", clientRegistrations.joinToString { it.asHumanReadable() })
 return InMemoryReactiveClientRegistrationRepository(clientRegistrations)
 }
 
+ private fun ClientRegistration.asHumanReadable(): String {
+ return "$clientName (redirect-uri=${redirectUri},scopes=(${scopes.joinToString(", ")}))"
+ }
+
 private fun completeRegistration(partialRegistration: ClientRegistration): ClientRegistration {
 return ClientRegistration.withClientRegistration(partialRegistration)
 .clientSecret(projectSourcesProperties.clientSecret)
 .clientId(projectSourcesProperties.clientId)
- .redirectUri("http://localhost:8080/login/oauth2/code/gitlab")
+ .redirectUri("{baseUrl}/login/oauth2/code/${partialRegistration.registrationId}")
 .authorizationGrantType(partialRegistration.authorizationGrantType ?: DEFAULT_AUTHORIZATION_GRANT_TYPE)
 .build()
 }
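Review bot: With `{baseUrl}` in `completeRegistration`, the host part of the redirect URI is now derived from each incoming request instead of from configuration, so behind a proxy it depends on how Host and forwarded headers are processed, which this diff does not show. If forwarded headers are honoured, they should be accepted only from the trusted proxy, and the provider-side OAuth application should keep an exact-match list of allowed redirect URIs so that a request carrying an unexpected host is rejected at authorization. I would record this next to the call, e.g. `// {baseUrl} is resolved per request; accept forwarded headers only from the trusted proxy and register exact redirect URIs at the provider`. Separately, `asHumanReadable()` prints the unresolved template, so the startup log will show `{baseUrl}/login/oauth2/code/...` rather than the effective URL; a one-line KDoc on the helper saying so would avoid confusion when reading logs. The function containing the `log.info` call starts outside the hunk.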