From 4df73714e0840b57d77b8f2b5d6c04f76b3d5826 Mon Sep 17 00:00:00 2001
From: Robert Dey <robert.dey@xapling.de>
Date: Tue, 2 Aug 2022 14:06:00 +0200
Subject: [PATCH] Fix totp manual link for proxy mode

Closes #11774
---
 .../freemarker/FreeMarkerLoginFormsProvider.java   | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java b/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
index 3caf88a32f..1fcad18c76 100755
--- a/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
+++ b/services/src/main/java/org/keycloak/forms/login/freemarker/FreeMarkerLoginFormsProvider.java
@@ -228,7 +228,7 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
 
         switch (page) {
             case LOGIN_CONFIG_TOTP:
-                attributes.put("totp", new TotpBean(session, realm, user, uriInfo.getRequestUriBuilder()));
+                attributes.put("totp", new TotpBean(session, realm, user, getTotpUriBuilder()));
                 break;
             case LOGIN_RECOVERY_AUTHN_CODES_CONFIG:
                 attributes.put("recoveryAuthnCodesConfigBean", new RecoveryAuthnCodesBean());
@@ -306,6 +306,18 @@ public class FreeMarkerLoginFormsProvider implements LoginFormsProvider {
         return session.getProvider(UserProfileProvider.class).getConfiguration() != null;
     }
 
+    /**
+     * Get sure that correct hostname and path is used for totp form.
+     * Relevant when running in proxy mode.
+     *
+     * @return UriBuilder with configured hostname and path set
+     */
+    private UriBuilder getTotpUriBuilder() {
+        return uriInfo.getBaseUriBuilder()
+                .path(uriInfo.getRequestUri().getPath())
+                .replaceQuery(uriInfo.getRequestUri().getQuery());
+    }
+
     @Override
     public Response createForm(String form) {
         Theme theme;