Netlify-cms: Login with github as backend fails if base url contains additional path segment

Created on 17 Apr 2020 · 5 Comments · Source: netlify/netlify-cms

Describe the bug
If you use GitHub as backend, the following basic setup is required:

  • run your own GitHub auth server backend (see https://github.com/vencax/netlify-cms-github-oauth-provider) - https://mygithub-auth-backend.org as an example
    - create an OAuth app in GitHub and configure the callback URL pointing to your GitHub auth server backend (https://mygithub-auth-backend.org/callback)
  • set base_url in config.yml according to your GitHub auth server backend (https://mygithub-auth-backend.org)
    --> This works well if the base URL does not contain any path segment. This does not work if you use an additional path segment in your GitHub auth server.

Example:

The authentication and token creation with GitHub is successful, but the communication between the auth popup and the original page fails.

To Reproduce

  • setup github auth backend with additional path segment
  • adjust base_url in config
  • try to login

Expected behavior
Login should work

Applicable Versions:

  • Netlify CMS version: app - 2.12.9, core: 2.24.4, cms: 2.10.45
  • Git provider: GitHub
  • OS: Windows 10
  • Browser version Chrome 80

Additional context
It seems that the following check in netlify-auth.js is not working:
e.origin !== this.base_url
I think origin is always just the host without any path segment.

Labels: good first issue, confirmed bug

All 5 comments

Thanks @agairing, looks like origin contains the schema and port too:
https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#The_dispatched_event
We would gladly accept a PR for it (probably we just need to parse base_url and reconstruct without the path).

Ok, and I can try to create a PR. What about sth. like
this.base_url.indexOf(e.origin) !== 0
?

How about e.origin !== new URL(this.base_url).origin ? It makes it clear what we're checking and is stricter.
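
The three checks discussed in this thread, run side by side as an added example (not part of the original thread and not Netlify CMS code). The function names and every URL are constructed for illustration; the base_url deliberately carries a path segment, as in the bug report.

```javascript
// Added example: three ways to validate MessageEvent.origin against base_url.
// All URLs below are constructed sample values.

// Check quoted in the issue: compares the origin to the full base_url string.
function exactMatch(baseUrl, origin) {
  return origin === baseUrl;
}

// Prefix check proposed in the thread: passes when base_url starts with origin.
function prefixMatch(baseUrl, origin) {
  return baseUrl.indexOf(origin) === 0;
}

// Strict check proposed in the thread: compare scheme + host + port only.
function originMatch(baseUrl, origin) {
  let expected;
  try {
    expected = new URL(baseUrl).origin;
  } catch (err) {
    return false; // unparsable base_url: reject every message
  }
  // Opaque origins serialize as "null"; never treat that as a match.
  return expected !== 'null' && origin === expected;
}

const BASE_URL = 'https://auth.example.com.au:8443/oauth'; // base_url with a path
const SAMPLE_ORIGINS = [
  'https://auth.example.com.au:8443', // the auth server's own origin
  'https://auth.example.com',         // different host, string prefix of base_url
  'https://auth.example.com.au:84',   // different port, string prefix of base_url
  'http://auth.example.com.au:8443',  // different scheme
];

// Returns one row per origin with the verdict of each check.
function evaluate(baseUrl, origins) {
  return origins.map((origin) => ({
    origin,
    exact: exactMatch(baseUrl, origin),
    prefix: prefixMatch(baseUrl, origin),
    strict: originMatch(baseUrl, origin),
  }));
}

console.table(evaluate(BASE_URL, SAMPLE_ORIGINS));
```

The exact comparison rejects even the legitimate popup once base_url has a path, the prefix comparison also passes origins with a different host or port, and only the parsed-origin comparison accepts the auth server alone.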

Fine for me.
I just did the local setup and executed the tests before changing anything. 34 tests are failing on Windows.
Example:
Expected: ObjectContaining {"path": "static/media/abc_def_eaco_.png"}
Received: {"field": undefined, "fileObj": {}, "path": "static\\media\\abc_def_eaco_.png", "url": "displayURL"}

How should this be handled? At first glance, it seems that the test is not cross platform compatible.

@agairing, thanks for letting us know. I opened a new issue for that https://github.com/netlify/netlify-cms/issues/3655 and I'm surprised our CI doesn't fail it since we run the tests on Windows too: https://github.com/netlify/netlify-cms/runs/609296943?check_suite_focus=true#step:6:1496.
I think you could just test the fix locally and submit it and I'll take care of the tests.
