From 233e85eeee1756b483c5bb36e801d5ef525c8493 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Tue, 16 Aug 2016 15:55:36 +0100
Subject: [PATCH] Add redirect URL for JIRA auth

---
 README.md                                     |  1 +
 .../matrix-org/go-neb/realms/jira/jira.go     | 47 ++++++++++++++-----
 2 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 75f1a64..27c22a4 100644
--- a/README.md
+++ b/README.md
@@ -266,6 +266,7 @@ curl -X POST localhost:4050/admin/requestAuthSession --data-binary '{
     "RealmID": "jirarealm",
     "UserID": "@example:localhost",
     "Config": {
+        "RedirectURL": "https://optional-url.com/to/redirect/to/after/auth"
     }
 }'
 ```
diff --git a/src/github.com/matrix-org/go-neb/realms/jira/jira.go b/src/github.com/matrix-org/go-neb/realms/jira/jira.go
index 76005cf..d19a30b 100644
--- a/src/github.com/matrix-org/go-neb/realms/jira/jira.go
+++ b/src/github.com/matrix-org/go-neb/realms/jira/jira.go
@@ -39,12 +39,13 @@ type JIRARealm struct {
 // JIRASession represents a single authentication session between a user and a JIRA endpoint.
 // The endpoint is dictated by the realm ID.
 type JIRASession struct {
-	id            string // request token
-	userID        string
-	realmID       string
-	RequestSecret string
-	AccessToken   string
-	AccessSecret  string
+	id                 string // request token
+	userID             string
+	realmID            string
+	RequestSecret      string
+	AccessToken        string
+	AccessSecret       string
+	ClientsRedirectURL string // where to redirect the client to after auth
 }
 
 // Authenticated returns true if the user has completed the auth process
@@ -132,6 +133,16 @@ func (r *JIRARealm) Register() error {
 // RequestAuthSession is called by a user wishing to auth with this JIRA realm
 func (r *JIRARealm) RequestAuthSession(userID string, req json.RawMessage) interface{} {
 	logger := log.WithField("jira_url", r.JIRAEndpoint)
+
+	// check if they supplied a redirect URL
+	var reqBody struct {
+		RedirectURL string
+	}
+	if err := json.Unmarshal(req, &reqBody); err != nil {
+		log.WithError(err).Print("Failed to decode request body")
+		return nil
+	}
+
 	authConfig := r.oauth1Config(r.JIRAEndpoint)
 	reqToken, reqSec, err := authConfig.RequestToken()
 	if err != nil {
@@ -146,10 +157,11 @@ func (r *JIRARealm) RequestAuthSession(userID string, req json.RawMessage) inter
 	}
 
 	_, err = database.GetServiceDB().StoreAuthSession(&JIRASession{
-		id:            reqToken,
-		userID:        userID,
-		realmID:       r.id,
-		RequestSecret: reqSec,
+		id:                 reqToken,
+		userID:             userID,
+		realmID:            r.id,
+		RequestSecret:      reqSec,
+		ClientsRedirectURL: reqBody.RedirectURL,
 	})
 	if err != nil {
 		log.WithError(err).Print("Failed to store new auth session")
@@ -202,8 +214,19 @@ func (r *JIRARealm) OnReceiveRedirect(w http.ResponseWriter, req *http.Request)
 		failWith(logger, w, 500, "Failed to persist JIRA session", err)
 		return
 	}
-	w.WriteHeader(200)
-	w.Write([]byte("OK!"))
+	if jiraSession.ClientsRedirectURL != "" {
+		w.WriteHeader(302)
+		w.Header().Set("Location", jiraSession.ClientsRedirectURL)
+		// technically don't need a body but *shrug*
+		w.Write([]byte(jiraSession.ClientsRedirectURL))
+	} else {
+		w.WriteHeader(200)
+		w.Write([]byte(
+			fmt.Sprintf("You have successfully linked your JIRA account on %s to %s",
+				r.JIRAEndpoint, jiraSession.UserID(),
+			),
+		))
+	}
 }
 
 // AuthSession returns a JIRASession with the given parameters