
Commit 9221e0f

committed
Improve error handling on missing tokenEndpoint
1 parent a1652dc commit 9221e0f


1 file changed

+27
-34
lines changed


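--- a/projects/lib/src/oauth-service.ts
+++ b/projects/lib/src/oauth-service.ts
@@ -282,6 +282,15 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 return lcUrl.startsWith('https://');
 }
 
+protected assertUrlNotNullAndCorrectProtocol(url: string | undefined, description: string) {
+if (!url) {
+throw new Error(`'${description}' should not be null`);
+}
+if (!this.validateUrlForHttps(url)) {
+throw new Error(`'${description}' must use HTTPS (with TLS), or config value for property 'requireHttps' must be set to 'false' and allow HTTP (without TLS).`);
+}
+}
+
 protected validateUrlAgainstIssuer(url: string) {
 if (!this.strictDiscoveryDocumentValidation) {
 return true;
@@ -416,7 +425,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 }
 
 if (!this.validateUrlForHttps(fullUrl)) {
-reject('issuer must use https, or config value for property requireHttps must allow http');
+reject('issuer must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 return;
 }
 
@@ -603,9 +612,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 throw new Error('Can not load User Profile without access_token');
 }
 if (!this.validateUrlForHttps(this.userinfoEndpoint)) {
-throw new Error(
-'userinfoEndpoint must use https, or config value for property requireHttps must allow http'
-);
+throw new Error('userinfoEndpoint must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 return new Promise((resolve, reject) => {
@@ -663,11 +670,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 password: string,
 headers: HttpHeaders = new HttpHeaders()
 ): Promise<object> {
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
-}
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 
 return new Promise((resolve, reject) => {
 /**
@@ -740,12 +743,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 * method silentRefresh.
 */
 public refreshToken(): Promise<object> {
-
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
-}
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 
 return new Promise((resolve, reject) => {
 let params = new HttpParams()
@@ -857,9 +855,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 }
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
-throw new Error(
-'tokenEndpoint must use https, or config value for property requireHttps must allow http'
-);
+throw new Error('loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 if (typeof document === 'undefined') {
@@ -1264,7 +1260,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 }
 
 return url;
-
+
 }
 
 initImplicitFlowInternal(
@@ -1279,7 +1275,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
 throw new Error(
-'loginUrl must use https, or config value for property requireHttps must allow http'
+'loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).'
 );
 }
 
@@ -1469,13 +1465,10 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 private fetchAndProcessToken(params: HttpParams): Promise<object> {
 
+this.assertUrlNotNullAndCorrectProtocol(this.tokenEndpoint, 'tokenEndpoint');
 let headers = new HttpHeaders()
 .set('Content-Type', 'application/x-www-form-urlencoded');
 
-if (!this.validateUrlForHttps(this.tokenEndpoint)) {
-throw new Error('tokenEndpoint must use Http. Also check property requireHttps.');
-}
-
 if (this.useHttpBasicAuth) {
 const header = btoa(`${this.clientId}:${this.dummyClientSecret}`);
 headers = headers.set(
@@ -1503,32 +1496,32 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 (tokenResponse) => {
 this.debug('refresh tokenResponse', tokenResponse);
 this.storeAccessTokenResponse(
-tokenResponse.access_token,
-tokenResponse.refresh_token,
+tokenResponse.access_token,
+tokenResponse.refresh_token,
 tokenResponse.expires_in,
 tokenResponse.scope);
 
 if (this.oidc && tokenResponse.id_token) {
-this.processIdToken(tokenResponse.id_token, tokenResponse.access_token).
+this.processIdToken(tokenResponse.id_token, tokenResponse.access_token).
 then(result => {
 this.storeIdToken(result);
-
+
 this.eventsSubject.next(new OAuthSuccessEvent('token_received'));
 this.eventsSubject.next(new OAuthSuccessEvent('token_refreshed'));
-
+
 resolve(tokenResponse);
 })
 .catch(reason => {
 this.eventsSubject.next(new OAuthErrorEvent('token_validation_error', reason));
 console.error('Error validating tokens');
 console.error(reason);
-
+
 reject(reason);
 });
 } else {
 this.eventsSubject.next(new OAuthSuccessEvent('token_received'));
 this.eventsSubject.next(new OAuthSuccessEvent('token_refreshed'));
-
+
 resolve(tokenResponse);
 }
 },
@@ -1688,7 +1681,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 ): boolean {
 const savedNonce = this._storage.getItem('nonce');
 if (savedNonce !== nonceInState) {
-
+
 const err = 'Validating access_token failed, wrong state/nonce.';
 console.error(err, savedNonce, nonceInState);
 return false;
@@ -2026,7 +2019,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 
 if (!this.validateUrlForHttps(this.logoutUrl)) {
 throw new Error(
-'logoutUrl must use https, or config value for property requireHttps must allow http'
+'logoutUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).'
 );
 }
 
@@ -2165,7 +2158,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
 ): void {
 
 if (!this.validateUrlForHttps(this.loginUrl)) {
-throw new Error('loginUrl must use Http. Also check property requireHttps.');
+throw new Error('loginUrl must use HTTPS (with TLS), or config value for property \'requireHttps\' must be set to \'false\' and allow HTTP (without TLS).');
 }
 
 this.createLoginUrl(additionalState, '', null, false, params).then(function (url) {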
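Review bot: The new `assertUrlNotNullAndCorrectProtocol` helper is wired only to `tokenEndpoint`; the checks for `userinfoEndpoint` (new line 614), `loginUrl` (857, 1276, 2160) and `logoutUrl` (2020) still call `validateUrlForHttps` directly and each repeats the long message as its own literal. How `validateUrlForHttps` treats an unset URL is not visible in these hunks, so those endpoints may still pass the protocol check or fail late when missing. Calling the helper there, e.g. `this.assertUrlNotNullAndCorrectProtocol(this.userinfoEndpoint, 'userinfoEndpoint');`, would give them the same explicit failure and keep the wording in one place; the old `loginUrl` branch that reported 'tokenEndpoint' shows how the copies drift. The helper also throws synchronously before `new Promise(...)` in methods typed `Promise<object>`, so a caller's `.catch()` will not see a missing `tokenEndpoint`; a doc comment on the helper should say so, and that `!url` also rejects the empty string. The enclosing methods start and end outside these hunks.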
