From 0310bfa3e382660a337fb484be767d5b5b5009e4 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@zerotier.com>
Date: Fri, 23 Jul 2021 19:17:42 -0400
Subject: [PATCH] Include authentication URL in config

---
 controller/EmbeddedNetworkController.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 5709878c0..a22b32207 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1355,21 +1355,21 @@ void EmbeddedNetworkController::_request(
 		member["lastAuthorizedCredential"] = autoAuthCredential;
 	}
 
-
 	// Should we check SSO Stuff?
 	// If network is configured with SSO, and the member is not marked exempt: yes
 	// Otherwise no, we use standard auth logic.
 	bool networkSSOEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
 	bool memberSSOExempt = OSUtils::jsonBool(member["ssoExempt"], false);
+	std::string authenticationURL;
 
 	if (networkSSOEnabled && !memberSSOExempt) {
+		authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
 		std::string memberId = member["id"];
 		fprintf(stderr, "ssoEnabled && !ssoExempt %s-%s\n", nwids, memberId.c_str());
 		uint64_t authenticationExpiryTime = (int64_t)OSUtils::jsonInt(member["authenticationExpiryTime"], 0);
 		if (authenticationExpiryTime > 0) {
 			fprintf(stderr, "authExpiryTime: %lld\n", authenticationExpiryTime);
 			if (authenticationExpiryTime < now) {
-				std::string authenticationURL = _db.getSSOAuthURL(member, _ssoRedirectURL);
 				if (!authenticationURL.empty()) {
 					Dictionary<3072> authInfo;
 					authInfo.add("aU", authenticationURL.c_str());
@@ -1377,9 +1377,9 @@ void EmbeddedNetworkController::_request(
 					DB::cleanMember(member);
 					_db.save(member,true);
 					_sender->ncSendError(nwid,requestPacketId,identity.address(),NetworkController::NC_ERROR_AUTHENTICATION_REQUIRED, authInfo.data(), authInfo.sizeBytes());
-					return;
 				}
-			} else {
+				return;
+			} else if (authorized) {
 				_db.memberExpiring(authenticationExpiryTime, nwid, identity.address().toInt());
 			}
 		}
@@ -1451,7 +1451,8 @@ void EmbeddedNetworkController::_request(
 
 	nc->ssoEnabled = OSUtils::jsonBool(network["ssoEnabled"], false);
 	nc->authenticationExpiryTime = OSUtils::jsonInt(member["authenticationExpiryTime"], 0LL);
-
+	if (!authenticationURL.empty())
+		Utils::scopy(nc->authenticationURL, sizeof(nc->authenticationURL), authenticationURL.c_str());
 
 	std::string rtt(OSUtils::jsonString(member["remoteTraceTarget"],""));
 	if (rtt.length() == 10) {