More logging for SAML endpoints

2025-04-10 21:09:51 +02:00 · 2024-08-14 20:48:01 -07:00 · 2024-08-14 20:48:01 -07:00 · f6547a64a0
commit f6547a64a0
parent 61b5bd569b
2 changed files with 22 additions and 4 deletions
--- a/backend/ee/danswer/server/saml.py
+++ b/backend/ee/danswer/server/saml.py
@ -76,9 +76,13 @@ async def prepare_from_fastapi_request(request: Request) -> dict[str, Any]:
    if request.client is None:
        raise ValueError("Invalid request for SAML")

+    # Use X-Forwarded headers if available
+    http_host = request.headers.get("X-Forwarded-Host") or request.client.host
+    server_port = request.headers.get("X-Forwarded-Port") or request.url.port
+
    rv: dict[str, Any] = {
-        "http_host": request.client.host,
-        "server_port": request.url.port,
+        "http_host": http_host,
+        "server_port": server_port,
        "script_name": request.url.path,
        "post_data": {},
        "get_data": {},
@ -126,16 +130,20 @@ async def saml_login_callback(
        )

    if not auth.is_authenticated():
+        detail = "Access denied. User was not authenticated"
+        logger.error(detail)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
-            detail="Access denied. User was not Authenticated.",
+            detail=detail,
        )

    user_email = auth.get_attribute("email")
    if not user_email:
+        detail = "SAML is not set up correctly, email attribute must be provided."
+        logger.error(detail)
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
-            detail="SAML is not set up correctly, email attribute must be provided.",
+            detail=detail,
        )

    user_email = user_email[0]
--- a/web/src/app/auth/saml/callback/route.ts
+++ b/web/src/app/auth/saml/callback/route.ts
@ -14,6 +14,16 @@ export const POST = async (request: NextRequest) => {
  const response = await fetch(url.toString(), {
    method: "POST",
    body: await request.formData(),
+    headers: {
+      "X-Forwarded-Host":
+        request.headers.get("X-Forwarded-Host") ||
+        request.headers.get("host") ||
+        "",
+      "X-Forwarded-Port":
+        request.headers.get("X-Forwarded-Port") ||
+        new URL(request.url).port ||
+        "",
+    },
  });
  const setCookieHeader = response.headers.get("set-cookie");