From 17d799320e080d85eea6cf083cf077e79d6a3c1e Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Tue, 16 Aug 2016 15:26:18 +0100
Subject: [PATCH] Add RedirectURL param when requesting GH auth sessions

---
 README.md                                     |  1 +
 .../matrix-org/go-neb/realms/github/github.go | 25 +++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 6aa80d6..75f1a64 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,7 @@ curl -X POST localhost:4050/admin/requestAuthSession --data-binary '{
     "RealmID": "mygithubrealm",
     "UserID": "@your_user_id:localhost",
     "Config": {
+        "RedirectURL": "https://optional-url.com/to/redirect/to/after/auth"
     }
 }'
 ```
diff --git a/src/github.com/matrix-org/go-neb/realms/github/github.go b/src/github.com/matrix-org/go-neb/realms/github/github.go
index 677df7b..1dbc812 100644
--- a/src/github.com/matrix-org/go-neb/realms/github/github.go
+++ b/src/github.com/matrix-org/go-neb/realms/github/github.go
@@ -25,6 +25,8 @@ type GithubRealm struct {
 
 // GithubSession represents an authenticated github session
 type GithubSession struct {
+	// The client-supplied URL to redirect them to after the auth process is complete.
+	ClientsRedirectURL string
 	// AccessToken is the github access token for the user
 	AccessToken string
 	// Scopes are the set of *ALLOWED* scopes (which may not be the same as the requested scopes)
@@ -108,6 +110,7 @@ func (r *GithubRealm) RequestAuthSession(userID string, req json.RawMessage) int
 		log.WithError(err).Print("Failed to generate state param")
 		return nil
 	}
+
 	u, _ := url.Parse("https://github.com/login/oauth/authorize")
 	q := u.Query()
 	q.Set("client_id", r.ClientID)
@@ -120,6 +123,17 @@ func (r *GithubRealm) RequestAuthSession(userID string, req json.RawMessage) int
 		userID:  userID,
 		realmID: r.ID(),
 	}
+
+	// check if they supplied a redirect URL
+	var reqBody struct {
+		RedirectURL string
+	}
+	if err = json.Unmarshal(req, &reqBody); err != nil {
+		log.WithError(err).Print("Failed to decode request body")
+		return nil
+	}
+	session.ClientsRedirectURL = reqBody.RedirectURL
+
 	_, err = database.GetServiceDB().StoreAuthSession(session)
 	if err != nil {
 		log.WithError(err).Print("Failed to store new auth session")
@@ -186,8 +200,15 @@ func (r *GithubRealm) OnReceiveRedirect(w http.ResponseWriter, req *http.Request
 		failWith(logger, w, 500, "Failed to persist session", err)
 		return
 	}
-	w.WriteHeader(200)
-	w.Write([]byte("OK!"))
+	if ghSession.ClientsRedirectURL != "" {
+		w.WriteHeader(302)
+		w.Header().Set("Location", ghSession.ClientsRedirectURL)
+		// technically don't need a body but *shrug*
+		w.Write([]byte(ghSession.ClientsRedirectURL))
+	} else {
+		w.WriteHeader(200)
+		w.Write([]byte("You have successfully linked your Github account to " + ghSession.UserID()))
+	}
 }
 
 // AuthSession returns a GithubSession for this user