From 5d48f2476e630ae33cdc240b7b352db8e766f3ae Mon Sep 17 00:00:00 2001
From: Charles Lowell <10964656+chlowell@users.noreply.github.com>
Date: Wed, 6 Nov 2024 10:43:20 -0800
Subject: [PATCH] Fix WithTenantID("adfs") regression
---
 apps/internal/oauth/ops/authority/authority.go | 8 +++-----
 apps/internal/oauth/ops/authority/authority_test.go | 5 +++--
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/apps/internal/oauth/ops/authority/authority.go b/apps/internal/oauth/ops/authority/authority.go
index 36240655..c3c4a96f 100644
--- a/apps/internal/oauth/ops/authority/authority.go
+++ b/apps/internal/oauth/ops/authority/authority.go
@@ -380,8 +380,9 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD
 return Info{}, errors.New(`authority must be an URL such as "https://login.microsoftonline.com/"`)
 }
- var authorityType, tenant string
- switch pathParts[1] {
+ authorityType := AAD
+ tenant := pathParts[1]
+ switch tenant {
 case "adfs":
 authorityType = ADFS
 case "dstsv2":
@@ -393,9 +394,6 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD
 }
 authorityType = DSTS
 tenant = DSTSTenant
- default:
- authorityType = AAD
- tenant = pathParts[1]
 }
 // u.Host includes the port, if any, which is required for private cloud deployments
diff --git a/apps/internal/oauth/ops/authority/authority_test.go b/apps/internal/oauth/ops/authority/authority_test.go
index 53422417..3a09adb2 100644
--- a/apps/internal/oauth/ops/authority/authority_test.go
+++ b/apps/internal/oauth/ops/authority/authority_test.go
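Review bot: The assignment `tenant := pathParts[1]` ahead of the rewritten switch in NewInfoFromAuthorityURI (authority.go) has no comment explaining that ADFS authorities now carry the tenant "adfs" instead of an empty string, which is the behaviour the fix depends on. I would add a comment above it such as `// tenant defaults to the first path segment, also for ADFS, so that WithTenantID("adfs") matches the authority's own tenant`. Any caller that used an empty tenant as its ADFS marker would have to check the authority type instead; no such caller is visible in this patch, so that is worth confirming before merge. The `case "adfs"` and `case "dstsv2"` matches are exact-case, so a differently cased first segment is classified as AAD with that segment as tenant; if that is intended, the same comment should say so. The function's body starts and ends outside the hunk.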
@@ -330,8 +330,8 @@ func TestAuthorityParsing(t *testing.T) {
 }{
 "AAD with slash": {"https://login.microsoftonline.com/common/", "MSSTS", "https://login.microsoftonline.com/common/", "common"},
 "AAD without slash": {"https://login.microsoftonline.com/common", "MSSTS", "https://login.microsoftonline.com/common/", "common"},
- "ADFS with slash": {"https://adfs.example.com/adfs/", "ADFS", "https://adfs.example.com/adfs/", ""},
- "ADFS without slash": {"https://adfs.example.com/adfs", "ADFS", "https://adfs.example.com/adfs/", ""},
+ "ADFS with slash": {"https://adfs.example.com/adfs/", "ADFS", "https://adfs.example.com/adfs/", "adfs"},
+ "ADFS without slash": {"https://adfs.example.com/adfs", "ADFS", "https://adfs.example.com/adfs/", "adfs"},
 "dSTS with slash": {dSTSWithSlash, "DSTS", dSTSWithSlash, DSTSTenant},
 "dSTS without slash": {dSTSNoSlash, "DSTS", dSTSWithSlash, DSTSTenant},
 }
@@ -364,6 +364,7 @@ func TestAuthParamsWithTenant(t *testing.T) {
 }{
 "do nothing if tenant override is empty": {authority: host + uuid1, tenant: "", expectedAuthority: host + uuid1},
 "do nothing if tenant override is empty for ADFS": {authority: host + "adfs", tenant: "", expectedAuthority: host + "adfs"},
+ `do nothing if tenant override is adfs for ADFS`: {authority: host + "adfs", tenant: "adfs", expectedAuthority: host + "adfs"},
 "do nothing if tenant override equals tenant": {authority: host + uuid1, tenant: uuid1, expectedAuthority: host + uuid1},
 "override common to tenant": {authority: host + "common", tenant: uuid1, expectedAuthority: host + uuid1},