From 6c2ca6ceb969a422a30f08b7131e3e4f9d7fb970 Mon Sep 17 00:00:00 2001
From: Timothy Wang
Date: Thu, 8 Aug 2024 10:10:36 -0400
Subject: [PATCH] Address PR comments. Change AAD variable to ENTRA_ID. Change route matching to use supported auth constant list.
---
 src/core/constants.ts | 9 ++++++---
 src/msha/auth/index.ts | 7 +++++--
 src/msha/auth/routes/auth-login-provider-callback.ts | 4 ++--
 src/msha/auth/routes/auth-login-provider-custom.ts | 8 ++++----
 4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/core/constants.ts b/src/core/constants.ts
index d921d2fa..a8dd52f1 100644
--- a/src/core/constants.ts
+++ b/src/core/constants.ts
@@ -50,9 +50,12 @@ export const SWA_AUTH_COOKIE = `StaticWebAppsAuthCookie`;
 export const ALLOWED_HTTP_METHODS_FOR_STATIC_CONTENT = ["GET", "HEAD", "OPTIONS"];
 // Custom Auth constants
-export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad"];
-// Full name is required in staticwebapp.config.json's schema so we will normalize it to aad
-export const AAD_FULL_NAME = "azureActiveDirectory";
+export const SUPPORTED_CUSTOM_AUTH_PROVIDERS = ["google", "github", "aad", "dummy"];
+/* The full name is required in staticwebapp.config.json's schema that will be normalized to aad https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-custom?tabs=aad%2Cinvitations
+*/
+export const ENTRAID_FULL_NAME = "azureActiveDirectory";
 export const CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING: AuthIdentityTokenEndpoints = {
 google: {
 host: "oauth2.googleapis.com",
diff --git a/src/msha/auth/index.ts b/src/msha/auth/index.ts
index bb660c62..ac129559 100644
--- a/src/msha/auth/index.ts
+++ b/src/msha/auth/index.ts
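Review bot: The `dummy` entry added to SUPPORTED_CUSTOM_AUTH_PROVIDERS is undocumented, and because index.ts in this same patch now derives its /.auth/login route regex from this list, every entry here becomes a reachable login route in the emulator, so the list should say what each non-production entry is for, e.g. `// "dummy" is a placeholder provider kept for local testing; it is not a real identity provider` (reword to match its actual purpose, which is not visible here). The array is also exported as a plain mutable `string[]`; declaring it with `as const` would keep callers from widening the route set at runtime, though whether any caller mutates it cannot be seen from this hunk. The new comment block is hard to read as written; a clearer version is `// staticwebapp.config.json's schema requires the full provider name, which is normalized to "aad"; see <link>` with the learn.microsoft.com URL kept on its own line.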
@@ -2,21 +2,24 @@ import type http from "node:http";
 import { serializeCookie } from "../../core/utils/cookie.js";
 import { logger } from "../../core/utils/logger.js";
 import { response as newResponse } from "../../core/utils/net.js";
+import { SUPPORTED_CUSTOM_AUTH_PROVIDERS } from "../../core/constants.js";
 function getAuthPaths(isCustomAuth: boolean): Path[] {
 const paths: Path[] = [];
 if (isCustomAuth) {
+ const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.join("|");
+
 paths.push({
 method: "GET",
 // only match for providers with custom auth support implemented (github, google, aad)
-route: /^\/\.auth\/login\/(?github|google|aad|dummy)\/callback(\?.*)?$/i,
+route: new RegExp(`^/\\.auth/login/(?${supportedAuthsRegex})/callback(\\?.*)?$`, "i"),
 function: "auth-login-provider-callback",
 });
 paths.push({
 method: "GET",
 // only match for providers with custom auth support implemented (github, google, aad)
-route: /^\/\.auth\/login\/(?github|google|aad|dummy)(\?.*)?$/i,
+route: new RegExp(`^/\\.auth/login/(?${supportedAuthsRegex})(\\?.*)?$`, "i"),
 function: "auth-login-provider-custom",
 });
 paths.push({
diff --git a/src/msha/auth/routes/auth-login-provider-callback.ts b/src/msha/auth/routes/auth-login-provider-callback.ts
index 839a5bf5..d8e2d47b 100644
--- a/src/msha/auth/routes/auth-login-provider-callback.ts
+++ b/src/msha/auth/routes/auth-login-provider-callback.ts
@@ -5,7 +5,7 @@ import * as querystring from "node:querystring";
 import { CookiesManager, decodeAuthContextCookie, validateAuthContextCookie } from "../../../core/utils/cookie.js";
 import { parseUrl, response } from "../../../core/utils/net.js";
 import {
-AAD_FULL_NAME,
+ENTRAID_FULL_NAME,
 CUSTOM_AUTH_ISS_MAPPING,
 CUSTOM_AUTH_TOKEN_ENDPOINT_MAPPING,
 CUSTOM_AUTH_USER_ENDPOINT_MAPPING,
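Review bot: The provider names are interpolated into the two route regexes with a bare `join("|")` and no escaping, so any future entry in SUPPORTED_CUSTOM_AUTH_PROVIDERS containing a regex metacharacter would silently change what the login and callback routes match; the current entries are plain letters, but escaping once at the top costs one line: `const supportedAuthsRegex = SUPPORTED_CUSTOM_AUTH_PROVIDERS.map((p) => p.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("|");`. Both new `route:` lines also show the group as `(?${supportedAuthsRegex})`, which is not a valid group prefix on its own; the `<provider>` group name was presumably dropped in rendering, since the removed lines show the same `(?` form, but it is worth confirming the built pattern still names the group the route handlers read. The two `// only match for providers with custom auth support implemented (github, google, aad)` comments are now stale because the constant, which includes `dummy`, drives the match; `// match only the providers listed in SUPPORTED_CUSTOM_AUTH_PROVIDERS` reflects the new code. getAuthPaths continues past the end of the hunk.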
@@ -335,7 +335,7 @@ const httpTrigger = async function (context: Context, request: http.IncomingMess
 }
 const { clientIdSettingName, clientSecretSettingName, openIdIssuer } =
-customAuth?.identityProviders?.[providerName == "aad" ? AAD_FULL_NAME : providerName]?.registration || {};
+customAuth?.identityProviders?.[providerName == "aad" ? ENTRAID_FULL_NAME : providerName]?.registration || {};
 if (!clientIdSettingName) {
 context.res = response({
diff --git a/src/msha/auth/routes/auth-login-provider-custom.ts b/src/msha/auth/routes/auth-login-provider-custom.ts
index 00051392..5df1c564 100644
--- a/src/msha/auth/routes/auth-login-provider-custom.ts
+++ b/src/msha/auth/routes/auth-login-provider-custom.ts
@@ -1,12 +1,12 @@
 import { IncomingMessage } from "node:http";
 import { CookiesManager } from "../../../core/utils/cookie.js";
 import { response } from "../../../core/utils/net.js";
-import { AAD_FULL_NAME, SUPPORTED_CUSTOM_AUTH_PROVIDERS, SWA_CLI_APP_PROTOCOL } from "../../../core/constants.js";
+import { ENTRAID_FULL_NAME, SUPPORTED_CUSTOM_AUTH_PROVIDERS, SWA_CLI_APP_PROTOCOL } from "../../../core/constants.js";
 import { DEFAULT_CONFIG } from "../../../config.js";
 import { encryptAndSign, extractPostLoginRedirectUri, hashStateGuid, newNonceWithExpiration } from "../../../core/utils/auth.js";
 export const normalizeAuthProvider = (providerName?: string) => {
-if (providerName === AAD_FULL_NAME) {
+if (providerName === ENTRAID_FULL_NAME) {
 return "aad";
 }
 return providerName?.toLowerCase() || "";
@@ -28,7 +28,7 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
 }
 const clientIdSettingName =
-customAuth?.identityProviders?.[providerName == "aad" ? AAD_FULL_NAME : providerName]?.registration?.clientIdSettingName;
+customAuth?.identityProviders?.[providerName == "aad" ? ENTRAID_FULL_NAME : providerName]?.registration?.clientIdSettingName;
 if (!clientIdSettingName) {
 context.res = response({
@@ -54,7 +54,7 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
 let aadIssuer;
 if (providerName == "aad") {
-aadIssuer = customAuth?.identityProviders?.[AAD_FULL_NAME]?.registration?.openIdIssuer;
+aadIssuer = customAuth?.identityProviders?.[ENTRAID_FULL_NAME]?.registration?.openIdIssuer;
 if (!aadIssuer) {
 context.res = response({