Client + API: Mark organizations expired *before* processing url

1 files changed, 21 insertions, 5 deletions

diff --git a/internal/server/secureinternet.go b/internal/server/secureinternet.go
index 0571e5f..f167756 100644
--- a/internal/server/secureinternet.go
+++ b/internal/server/secureinternet.go
@@ -29,12 +29,19 @@ func (s *Servers) AddSecure(ctx context.Context, disco *discovery.Discovery, org
 	}
 
 	sd := api.ServerData{
-		ID:         orgID,
+		ID:         dorg.OrgID,
 		Type:       server.TypeSecureInternet,
 		BaseWK:     dsrv.BaseURL,
 		BaseAuthWK: dsrv.BaseURL,
-		ProcessAuth: func(url string) string {
-			return util.ReplaceWAYF(dsrv.AuthenticationURLTemplate, url, dorg.OrgID)
+		ProcessAuth: func(ctx context.Context, url string) (string, error) {
+			disco.Servers(ctx)
+			disco.Organizations(ctx)
+			updorg, updsrv, err := disco.SecureHomeArgs(orgID)
+			if err != nil {
+				return "", err
+			}
+			ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+			return ret, nil
 		},
 	}
 
@@ -96,8 +103,17 @@ func (s *Servers) GetSecure(ctx context.Context, orgID string, disco *discovery.
 		Type:       server.TypeSecureInternet,
 		BaseWK:     dloc.BaseURL,
 		BaseAuthWK: dhome.BaseURL,
-		ProcessAuth: func(url string) string {
-			return util.ReplaceWAYF(dhome.AuthenticationURLTemplate, url, dorg.OrgID)
+		ProcessAuth: func(ctx context.Context, url string) (string, error) {
+			disco.MarkServersExpired()
+			disco.Servers(ctx)
+			disco.MarkOrganizationsExpired()
+			disco.Organizations(ctx)
+			updorg, updsrv, err := disco.SecureHomeArgs(orgID)
+			if err != nil {
+				return "", err
+			}
+			ret := util.ReplaceWAYF(updsrv.AuthenticationURLTemplate, url, updorg.OrgID)
+			return ret, nil
 		},
 		DisableAuthorize: disableAuth,
 	}