fix: handle status codes for /api and /.auth reqs (#235)

Azure · Jun 10, 2021 · 09eb722 · 09eb722
1 parent 2dcf9e5
commit 09eb722
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 9 deletions.
diff --git a/cypress/fixtures/static/staticwebapp.config.json b/cypress/fixtures/static/staticwebapp.config.json
@@ -54,6 +54,10 @@
       "route": "/logout",
       "rewrite": "/.auth/logout"
     },
+    {
+      "route": "/.auth/login/aad",
+      "statusCode": 404
+    },
     {
       "route": "/status-code-401.txt",
       "statusCode": "401"
@@ -73,6 +77,10 @@
     {
       "route": "/api/info",
       "allowedRoles": ["authenticated"]
+    },
+    {
+      "route": "/api/error",
+      "statusCode": 403
     }
   ],
   "navigationFallback": {

diff --git a/cypress/integration/authentication.js b/cypress/integration/authentication.js
@@ -5,7 +5,8 @@ Cypress.Cookies.defaults({
 });
 Cypress.Cookies.debug(true);
 
-const PROVIDERS = ["google", "github", "twitter", "facebook", "aad"];
+// we are not including AAD in this list because it has a special rule (see staticwebapp.config.json)
+const PROVIDERS_AVAILABLE = ["google", "github", "twitter", "facebook"];
 const SWA_AUTH_COOKIE_NAME = "StaticWebAppsAuthCookie";
 const clientPrincipal = {
   identityProvider: "facebook",
@@ -52,8 +53,8 @@ context("Authentication", () => {
 });
 
 context(`/.auth/login/<provider>`, () => {
-  for (let index = 0; index < PROVIDERS.length; index++) {
-    const provider = PROVIDERS[index];
+  for (let index = 0; index < PROVIDERS_AVAILABLE.length; index++) {
+    const provider = PROVIDERS_AVAILABLE[index];
     describe(`when using provider: ${provider}`, () => {
       it(`provider should be ${provider}`, () => {
         cy.visit(`http://0.0.0.0:1234/.auth/login/${provider}`);
@@ -144,8 +145,8 @@ context("checking localStorage", () => {
     cy.clearLocalStorage();
   });
   describe("caching auth info in localStorage", () => {
-    for (let index = 0; index < PROVIDERS.length; index++) {
-      const provider = PROVIDERS[index];
+    for (let index = 0; index < PROVIDERS_AVAILABLE.length; index++) {
+      const provider = PROVIDERS_AVAILABLE[index];
       it(`should cache auth: ${provider}`, () => {
         cy.visit(`http://0.0.0.0:1234/.auth/login/${provider}`);
         cy.get("#userDetails")

diff --git a/cypress/integration/authorization.js b/cypress/integration/authorization.js
@@ -42,4 +42,14 @@ context("Authorization", () => {
       });
     });
   }
+
+
+  describe("Accessing /.auth/login/aad", () => {
+    it("should return 404", () => {
+      cy.request({ url: "http://0.0.0.0:1234/.auth/login/aad", failOnStatusCode: false }).then((response) => {
+        expect(response.status).to.eq(404);
+      });
+    });
+  });
+
 });
diff --git a/cypress/integration/functions.js b/cypress/integration/functions.js
@@ -58,4 +58,12 @@ context.only("/api", () => {
       });
     });
   });
+
+  describe(`Accessing /api/error`, () => {
+    it(`should respond with valid status code 403`, () => {
+      cy.request({ url: `http://0.0.0.0:1234/api/error`, failOnStatusCode: false }).then((response) => {
+        expect(response.status).to.eq(403);
+      });
+    });
+  });
 });
diff --git a/src/msha/middlewares/request.middleware.ts b/src/msha/middlewares/request.middleware.ts
@@ -228,15 +228,25 @@ export async function requestMiddleware(
     return serveStaticOrProxyReponse(req, res, proxyApp, SWA_CLI_OUTPUT_LOCATION);
   }
 
-  let authStatus = AUTH_STATUS.NoAuth;
-  const isAuthReq = isAuthRequest(req);
+  let target = SWA_CLI_OUTPUT_LOCATION;
 
   logger.silly(`checking for matching route`);
   const matchingRouteRule = tryGetMatchingRoute(req, userConfig);
   if (matchingRouteRule) {
     logger.silly({ matchingRouteRule });
+
+    const statusCodeToServe = parseInt(`${matchingRouteRule?.statusCode}`, 10);
+    if ([404, 403, 401].includes(statusCodeToServe)) {
+      logger.silly(` - ${statusCodeToServe} code detected. Exit`);
+
+      handleErrorPage(req, res, statusCodeToServe, userConfig?.responseOverrides);
+      return serveStaticOrProxyReponse(req, res, proxyApp, target);
+    }
   }
 
+  let authStatus = AUTH_STATUS.NoAuth;
+  const isAuthReq = isAuthRequest(req);
+
   logger.silly(`checking auth request`);
   if (isAuthReq) {
     logger.silly(` - auth request detected`);
@@ -286,8 +296,6 @@ export async function requestMiddleware(
     return await handleAuthRequest(req, res, matchingRouteRule, userConfig);
   }
 
-  let target = SWA_CLI_OUTPUT_LOCATION;
-
   if (!isRouteRequiringUserRolesCheck(req, matchingRouteRule, isFunctionReq, authStatus)) {
     handleErrorPage(req, res, 401, userConfig?.responseOverrides);
     return serveStaticOrProxyReponse(req, res, proxyApp, target);