add authentication cases to autodiscovery tests

Kerry Archibald · Kerry Archibald · commit 7e3d13f43b2f · 2023-06-01T17:36:52.000+12:00
diff --git a/spec/unit/autodiscovery.spec.ts b/spec/unit/autodiscovery.spec.ts
@@ -18,6 +18,7 @@ limitations under the License.
 import MockHttpBackend from "matrix-mock-request";
 
 import { AutoDiscovery } from "../../src/autodiscovery";
+import { OidcDiscoveryError } from "../../src/oidc/validate";
 
 describe("AutoDiscovery", function () {
     const getHttpBackend = (): MockHttpBackend => {
@@ -368,7 +369,7 @@ describe("AutoDiscovery", function () {
         },
     );
 
-    it("should return SUCCESS when .well-known has a verifiably accurate base_url for " + "m.homeserver", function () {
+    it("should return SUCCESS when .well-known has a verifiably accurate base_url for m.homeserver", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -397,6 +398,10 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: null,
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcDiscoveryError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -434,6 +439,10 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: null,
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcDiscoveryError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
@@ -625,7 +634,7 @@ describe("AutoDiscovery", function () {
         },
     );
 
-    it("should return SUCCESS when the identity server configuration is " + "verifiably accurate", function () {
+    it("should return SUCCESS when the identity server configuration is verifiably accurate", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -664,14 +673,18 @@ describe("AutoDiscovery", function () {
                         error: null,
                         base_url: "https://identity.example.org",
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcDiscoveryError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
             }),
         ]);
     });
 
-    it("should return SUCCESS and preserve non-standard keys from the " + ".well-known response", function () {
+    it("should return SUCCESS and preserve non-standard keys from the .well-known response", function () {
         const httpBackend = getHttpBackend();
         httpBackend
             .when("GET", "/_matrix/client/versions")
@@ -716,6 +729,10 @@ describe("AutoDiscovery", function () {
                     "org.example.custom.property": {
                         cupcakes: "yes",
                     },
+                    "m.authentication": {
+                        state: "IGNORE",
+                        error: OidcDiscoveryError.NotSupported,
+                    },
                 };
 
                 expect(conf).toEqual(expected);
diff --git a/src/autodiscovery.ts b/src/autodiscovery.ts
@@ -15,7 +15,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-import { IClientWellKnown, IWellKnownConfig, IDelegatedAuthConfig, IServerVersions } from "./client";
+import { IClientWellKnown, IWellKnownConfig, IDelegatedAuthConfig, IServerVersions, M_AUTHENTICATION } from "./client";
 import { logger } from "./logger";
 import { MatrixError, Method, timeoutSignal } from "./http-api";
 import {
@@ -268,7 +268,7 @@ export class AutoDiscovery {
         });
 
         const authConfig = await this.validateDiscoveryAuthenticationConfig(wellknown);
-        clientConfig.m_authentication = authConfig;
+        clientConfig[M_AUTHENTICATION.stable!] = authConfig;
 
         // Step 8: Give the config to the caller (finally)
         return Promise.resolve(clientConfig);
@@ -300,16 +300,19 @@ export class AutoDiscovery {
             };
             return delegatedAuthConfig;
         } catch (error) {
-            console.log("hhh", error);
-
             const errorMessage = (error as Error).message as unknown as OidcDiscoveryError;
             const errorType = Object.values(OidcDiscoveryError).includes(errorMessage)
                 ? errorMessage
                 : OidcDiscoveryError.General;
 
+            const state =
+                errorType === OidcDiscoveryError.NotSupported
+                    ? AutoDiscoveryAction.IGNORE
+                    : AutoDiscoveryAction.FAIL_ERROR;
+
             // @TODO(kerrya) better way to handle this fail type
             return {
-                state: AutoDiscoveryAction.FAIL_ERROR,
+                state,
                 error: errorType,
             } as unknown as DelegatedAuthConfig;
         }
diff --git a/src/oidc/validate.ts b/src/oidc/validate.ts
@@ -1,3 +1,19 @@
+/*
+Copyright 2023 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 import { IClientWellKnown, IDelegatedAuthConfig, M_AUTHENTICATION } from "../client";
 import { logger } from "../logger";
 
@@ -29,8 +45,8 @@ export const validateWellKnownAuthentication = (wellKnown: IClientWellKnown): ID
     }
 
     if (
-        (typeof authentication.issuer === "string" && !authentication.account) ||
-        typeof authentication.account === "string"
+        typeof authentication.issuer === "string" &&
+        (!authentication.account || typeof authentication.account === "string")
     ) {
         return {
             issuer: authentication.issuer,
@@ -42,7 +58,8 @@ export const validateWellKnownAuthentication = (wellKnown: IClientWellKnown): ID
 };
 
 // force into a record to make accessing properties easier
-const isRecord = (value: unknown): value is Record<string, unknown> => !!value && typeof value === "object";
+const isRecord = (value: unknown): value is Record<string, unknown> =>
+    !!value && typeof value === "object" && !Array.isArray(value);
 const requiredStringProperty = (wellKnown: Record<string, unknown>, key: string): boolean => {
     if (!wellKnown[key] || typeof wellKnown[key] !== "string") {
         logger.error(`OIDC issuer configuration: ${key} is invalid`);
@@ -52,7 +69,7 @@ const requiredStringProperty = (wellKnown: Record<string, unknown>, key: string)
 };
 const requiredArrayValue = (wellKnown: Record<string, unknown>, key: string, value: any): boolean => {
     const array = wellKnown[key];
-    if (!array || !Array.isArray(array) || !array.find(value)) {
+    if (!array || !Array.isArray(array) || !array.includes(value)) {
         logger.error(`OIDC issuer configuration: ${key} is invalid. ${value} is required.`);
         return false;
     }
@@ -69,7 +86,7 @@ const requiredArrayValue = (wellKnown: Record<string, unknown>, key: string, val
  */
 export const validateOIDCIssuerWellKnown = (wellKnown: unknown): ValidatedIssuerConfig => {
     if (!isRecord(wellKnown)) {
-        logger.error("Issuer configuration not found");
+        logger.error("Issuer configuration not found or malformed");
         throw new Error(OidcDiscoveryError.OpSupport);
     }
 
