Address PR comments. Change AAD variable to ENTRA_ID. Change route ma…

…tching to use supported auth constant list.
Timothyw0 · Aug 8, 2024 · 6c2ca6c · 6c2ca6c
1 parent 3b1a557
commit 6c2ca6c
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 11 deletions.
diff --git a/src/core/constants.ts b/src/core/constants.ts
@@ -50,9 +50,12 @@ export const SWA_AUTH_COOKIE = `StaticWebAppsAuthCookie`;
 export const ALLOWED_HTTP_METHODS_FOR_STATIC_CONTENT = ["GET", "HEAD", "OPTIONS"];
 
 // Custom Auth constants
-export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad"];
-// Full name is required in staticwebapp.config.json's schema so we will normalize it to aad
-export const AAD_FULL_NAME = "azureActiveDirectory";
+export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad", "dummy"];
+/*
+  The full name is required in staticwebapp.config.json's schema that will be normalized to aad
+  https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad%2Cinvitations
+*/
+export const ENTRAID_FULL_NAME = "azureActiveDirectory";
 export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
   google: {
     host: "oauth2.googleapis.com",

diff --git a/src/msha/auth/index.ts b/src/msha/auth/index.ts
@@ -2,21 +2,24 @@ import type http from "node:http";
 import { serializeCookie } from "../../core/utils/cookie.js";
 import { logger } from "../../core/utils/logger.js";
 import { response as newResponse } from "../../core/utils/net.js";
+import { SUPPORTED_CUSTOM_AUTH_PROVIDERS } from "../../core/constants.js";
 
 function getAuthPaths(isCustomAuth: boolean): Path[] {
   const paths: Path[] = [];
 
   if (isCustomAuth) {
+    const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|");
+
     paths.push({
       method: "GET",
       // only match for providers with custom auth support implemented (github, google, aad)
-      route: /^\/\.auth\/login\/(?<provider>github|google|aad|dummy)\/callback(\?.*)?$/i,
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})/callback(\\?.*)?$`, "i"),
       function: "auth-login-provider-callback",
     });
     paths.push({
       method: "GET",
       // only match for providers with custom auth support implemented (github, google, aad)
-      route: /^\/\.auth\/login\/(?<provider>github|google|aad|dummy)(\?.*)?$/i,
+      route: new RegExp(`^/\\.auth/login/(?<provider>${supportedAuthsRegex})(\\?.*)?$`, "i"),
       function: "auth-login-provider-custom",
     });
     paths.push({

diff --git a/src/msha/auth/routes/auth-login-provider-callback.ts b/src/msha/auth/routes/auth-login-provider-callback.ts
@@ -5,7 +5,7 @@ import * as querystring from "node:querystring";
 import { CookiesManager, decodeAuthContextCookie, validateAuthContextCookie } from "../../../core/utils/cookie.js";
 import { parseUrl, response } from "../../../core/utils/net.js";
 import {
-  AAD_FULL_NAME,
+  ENTRAID_FULL_NAME,
   CUSTOM_AUTH_ISS_MAPPING,
   CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING,
   CUSTOM_AUTH_USER_ENDPOINT_MAPPING,
@@ -335,7 +335,7 @@ const httpTrigger = async function (context: Context, request: http.IncomingMess
   }
 
   const { clientIdSettingName, clientSecretSettingName, openIdIssuer } =
-    customAuth?.identityProviders?.[providerName == "aad" ? AAD_FULL_NAME : providerName]?.registration || {};
+    customAuth?.identityProviders?.[providerName == "aad" ? ENTRAID_FULL_NAME : providerName]?.registration || {};
 
   if (!clientIdSettingName) {
     context.res = response({

diff --git a/src/msha/auth/routes/auth-login-provider-custom.ts b/src/msha/auth/routes/auth-login-provider-custom.ts
@@ -1,12 +1,12 @@
 import { IncomingMessage } from "node:http";
 import { CookiesManager } from "../../../core/utils/cookie.js";
 import { response } from "../../../core/utils/net.js";
-import { AAD_FULL_NAME, SUPPORTED_CUSTOM_AUTH_PROVIDERS, SWA_CLI_APP_PROTOCOL } from "../../../core/constants.js";
+import { ENTRAID_FULL_NAME, SUPPORTED_CUSTOM_AUTH_PROVIDERS, SWA_CLI_APP_PROTOCOL } from "../../../core/constants.js";
 import { DEFAULT_CONFIG } from "../../../config.js";
 import { encryptAndSign, extractPostLoginRedirectUri, hashStateGuid, newNonceWithExpiration } from "../../../core/utils/auth.js";
 
 export const normalizeAuthProvider = (providerName?: string) => {
-  if (providerName === AAD_FULL_NAME) {
+  if (providerName === ENTRAID_FULL_NAME) {
     return "aad";
   }
   return providerName?.toLowerCase() || "";
@@ -28,7 +28,7 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
   }
 
   const clientIdSettingName =
-    customAuth?.identityProviders?.[providerName == "aad" ? AAD_FULL_NAME : providerName]?.registration?.clientIdSettingName;
+    customAuth?.identityProviders?.[providerName == "aad" ? ENTRAID_FULL_NAME : providerName]?.registration?.clientIdSettingName;
 
   if (!clientIdSettingName) {
     context.res = response({
@@ -54,7 +54,7 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
 
   let aadIssuer;
   if (providerName == "aad") {
-    aadIssuer = customAuth?.identityProviders?.[AAD_FULL_NAME]?.registration?.openIdIssuer;
+    aadIssuer = customAuth?.identityProviders?.[ENTRAID_FULL_NAME]?.registration?.openIdIssuer;
 
     if (!aadIssuer) {
       context.res = response({