Skip to content

Commit

Permalink
fix(oidc-service-worker): bad request on many token request at the sa…
Browse files Browse the repository at this point in the history
…me time (#1300) (release)
  • Loading branch information
guillaume-chervet authored Feb 15, 2024
1 parent aa69ce6 commit 77329ce
Show file tree
Hide file tree
Showing 3 changed files with 48 additions and 20 deletions.
39 changes: 20 additions & 19 deletions packages/oidc-client-service-worker/src/OidcServiceWorker.ts
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import {
serializeHeaders,
sleep,
} from './utils';
import { replaceCodeVerifier } from './utils/codeVerifier';
import {extractConfigurationNameFromCodeVerifier, replaceCodeVerifier} from './utils/codeVerifier';
import { normalizeUrl } from './utils/normalizeUrl';
import version from './version';

Expand Down Expand Up @@ -51,7 +51,6 @@ const handleActivate = (event: ExtendableEvent) => {
event.waitUntil(_self.clients.claim());
};

let currentLoginCallbackConfigurationName: string | null = null;
const database: Database = {};

const getCurrentDatabasesTokenEndpoint = (database: Database, url: string) => {
Expand Down Expand Up @@ -136,10 +135,16 @@ const handleFetch = async (event: FetchEvent) => {
...serializeHeaders(originalRequest.headers),
};
} else {

const authorization = originalRequest.headers.get('authorization');
if (!authorization ) {
throw new Error('No authorization header');
}
const authentificationMode = authorization.split(" ")[0];
headers = {
...serializeHeaders(originalRequest.headers),
authorization:
'Bearer ' + currentDatabaseForRequestAccessToken.tokens.access_token,
authentificationMode + ' ' + currentDatabaseForRequestAccessToken.tokens.access_token,
};
}
let init: RequestInit;
Expand Down Expand Up @@ -232,21 +237,24 @@ const handleFetch = async (event: FetchEvent) => {
return new Response(text, response);
});
}
return fetchPromise.then(hideTokens(currentDatabase as OidcConfig)); // todo type assertion to OidcConfig but could be null, NEEDS REVIEW
return fetchPromise.then(hideTokens(currentDatabase as OidcConfig));
} else if (
actualBody.includes('code_verifier=') &&
currentLoginCallbackConfigurationName
extractConfigurationNameFromCodeVerifier(actualBody) != null
) {
const currentLoginCallbackConfigurationName = extractConfigurationNameFromCodeVerifier(
actualBody,
);
// @ts-ignore
currentDatabase = database[currentLoginCallbackConfigurationName];
currentLoginCallbackConfigurationName = null;
let newBody = actualBody;
if (currentDatabase && currentDatabase.codeVerifier != null) {
newBody = replaceCodeVerifier(
newBody,
currentDatabase.codeVerifier,
);
}

return fetch(originalRequest, {
body: newBody,
method: clonedRequest.method,
Expand All @@ -259,6 +267,7 @@ const handleFetch = async (event: FetchEvent) => {
referrer: clonedRequest.referrer,
credentials: clonedRequest.credentials,
integrity: clonedRequest.integrity,
// @ts-ignore
}).then(hideTokens(currentDatabase));
}

Expand Down Expand Up @@ -338,7 +347,7 @@ const handleMessage = (event: ExtendableMessageEvent) => {
trustedDomains[configurationName] = [];
}
}

console.log('[OidcServiceWorker] handleMessage', data.type);
switch (data.type) {
case 'clear':
currentDatabase.tokens = null;
Expand All @@ -363,15 +372,6 @@ const handleMessage = (event: ExtendableMessageEvent) => {
}
currentDatabase.oidcServerConfiguration = oidcServerConfiguration;
currentDatabase.oidcConfiguration = data.data.oidcConfiguration;
const where = data.data.where;
if (
where === 'loginCallbackAsync' ||
where === 'tryKeepExistingSessionAsync'
) {
currentLoginCallbackConfigurationName = configurationName;
} else {
currentLoginCallbackConfigurationName = null;
}

if (!currentDatabase.tokens) {
port.postMessage({
Expand Down Expand Up @@ -487,8 +487,9 @@ const handleMessage = (event: ExtendableMessageEvent) => {
return;
}
default: {
currentDatabase.items = { ...data.data };
port.postMessage({ configurationName });
return;
// currentDatabase.items = { ...data.data };
// port.postMessage({ configurationName });
}
}
};
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { describe, expect, it } from 'vitest';

import { replaceCodeVerifier } from '../codeVerifier';
import { replaceCodeVerifier, extractConfigurationNameFromCodeVerifier } from '../codeVerifier';

describe('replaceCodeVerifier should', () => {
it.each([
Expand All @@ -11,3 +11,19 @@ describe('replaceCodeVerifier should', () => {
expect(bodyExpected).toEqual(result);
});
});


describe('extractConfigurationNameFromCodeVerifier should', () => {
it.each([
{ body: "code=56DB8E3592FBD48DCF6F65B38B12845FF0186ECF6D66ECB5425C0F7E658B7951-1&grant_type=authorization_code&client_id=interactive.public.short&redirect_uri=https%3A%2F%2Fblack-rock-0dc6b0d03.1.azurestaticapps.net%2Fauthentication%2Fcallback&code_verifier=CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_default", expected: 'default' },
{ body: "code=56DB8E3592FBD48DCF6F65B38B12845FF0186ECF6D66ECB5425C0F7E658B7951-1&code_verifier=CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_youhou&grant_type=authorization_code&client_id=interactive.public.short&redirect_uri=https%3A%2F%2Fblack-rock-0dc6b0d03.1.azurestaticapps.net%2Fauthentication%2Fcallback", expected: 'youhou' },
])('inject new codeVerifier', async ({ body, expected }) => {

const configurationName = extractConfigurationNameFromCodeVerifier(body);
console.log(configurationName);
expect(configurationName).toEqual(expected);
});
});



11 changes: 11 additions & 0 deletions packages/oidc-client-service-worker/src/utils/codeVerifier.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,14 @@ export function replaceCodeVerifier(codeVerifier:string, newCodeVerifier:string)
const regex = /code_verifier=[A-Za-z0-9_-]+/i;
return codeVerifier.replace(regex, `code_verifier=${newCodeVerifier}`);
}

export const extractConfigurationNameFromCodeVerifier = (chaine:string):string | null => {
const regex = /CODE_VERIFIER_SECURED_BY_OIDC_SERVICE_WORKER_([^&\s]+)/;
const result = chaine.match(regex);

if (result && result.length > 1) {
return result[1];
} else {
return null;
}
}

0 comments on commit 77329ce

Please sign in to comment.