
Commit 13c1675

Merge pull request #656 from dirkbolte/improve-error-for-missing-endpointUrl
#260: Improve error handling on missing tokenEndpoint
2 parents 948f517 + 3f8c943 commit 13c1675


1 file changed

+19
-25
lines changed


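--- a/projects/lib/src/oauth-service.ts
+++ b/projects/lib/src/oauth-service.ts
@@ -286,6 +286,15 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 return lcUrl.startsWith('https://');
 }
 
+protected assertUrlNotNullAndCorrectProtocol(url: string | undefined, description: string) {
+if (!url) {
+throw new Error(`'${description}' should not be null`);
+}
+if (!this.validateUrlForHttps(url)) {
+throw new Error(`'${description}' must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).`);
+}
+}
+
 protected validateUrlAgainstIssuer(url: string) {
 if (!this.strictDiscoveryDocumentValidation) {
 return true;
@@ -420,7 +429,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 }
 
 if (!this.validateUrlForHttps(fullUrl)) {
-reject('issuer must use https, or config value for property requireHttps must allow http');
+reject('issuer must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 return;
 }
 
@@ -607,9 +616,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 throw new Error('Can not load User Profile without access_token');
 }
 if (!this.validateUrlForHttps(this.userinfoEndpoint)) {
-throw new Error(
-'userinfoEndpoint must use https, or config value for property requireHttps must allow http'
-);
+throw new Error('userinfoEndpoint must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 return new Promise((resolve, reject) => {
@@ -666,12 +673,9 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 userName: string,
 password: string,
 headers: HttpHeaders = new HttpHeaders()
+
 ): Promise<TokenResponse> {
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
-}
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 
 return new Promise((resolve, reject) => {
 /**
@@ -744,12 +748,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 * method silentRefresh.
 */
 public refreshToken(): Promise<TokenResponse> {
-
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
-}
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 
 return new Promise((resolve, reject) => {
 let params = new HttpParams()
@@ -861,9 +860,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 }
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
+throw new Error('loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 if (typeof document === 'undefined') {
@@ -1284,7 +1281,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
 throw new Error(
-'loginUrl must use https, or config value for property requireHttps must allow http'
+'loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).'
 );
 }
 
@@ -1474,13 +1471,10 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 private fetchAndProcessToken(params: HttpParams): Promise<TokenResponse> {
 
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 let headers = new HttpHeaders()
 .set('Content-Type', 'application/x-www-form-urlencoded');
 
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error('tokenEndpoint must use Http. Also check property requireHttps.');
-}
-
 if (this.useHttpBasicAuth) {
 const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
 headers = headers.set(
@@ -2049,7 +2043,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 if (!this.validateUrlForHttps(this.logoutUrl)) {
 throw new Error(
-'logoutUrl must use https, or config value for property requireHttps must allow http'
+'logoutUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).'
 );
 }
 
@@ -2201,7 +2195,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 ): void {
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
-throw new Error('loginUrl must use Http. Also check property requireHttps.');
+throw new Error('loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 this.createLoginUrl(additionalState, '', null, false, params)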
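Review bot: The new null-and-HTTPS assertion is applied only to `tokenEndpoint`; the `userinfoEndpoint` check at new line 618 and the `loginUrl`/`logoutUrl` checks in the later hunks still call `validateUrlForHttps` directly and repeat the long message by hand. An unset `userinfoEndpoint` therefore gets whatever `validateUrlForHttps` does with an empty value, and most of that function's body lies outside these hunks. These guards are what keep credentials and tokens off cleartext HTTP, so I would route the userinfo check through the helper too: `this.assertUrlNotNullAndCorrectProtocol(this.userinfoEndpoint, 'userinfoEndpoint');`. The same applies to `loginUrl` and `logoutUrl` if they are never legitimately unset, which the visible lines do not settle. The helper also lacks a doc comment; something like `/** Throws if url is empty or fails validateUrlForHttps; description names the config property in the message. */` would record its contract.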
