From 5c8dd25e318956551f16143f4c451fa318d6d2c2 Mon Sep 17 00:00:00 2001
From: Josh Cunningham
Date: Mon, 6 Jan 2020 14:50:28 -0800
Subject: [PATCH] Allow custom routes with or without leading slash

---
 lib/config.js | 6 +++---
 middleware/auth.js | 10 +++++++---
 test/auth.tests.js | 6 +++---
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/lib/config.js b/lib/config.js
index edb0d754..428dc71c 100644
--- a/lib/config.js
+++ b/lib/config.js
@@ -53,9 +53,9 @@ const paramsSchema = Joi.object().keys({
   idTokenAlg: Joi.string().not('none').optional().default('RS256'),
   issuerBaseURL: Joi.alternatives([ Joi.string().uri(), Joi.string().hostname() ]).required(),
   legacySameSiteCookie: Joi.boolean().optional().default(true),
-  loginPath: Joi.string().optional().default('/login'),
-  logoutPath: Joi.string().optional().default('/logout'),
-  redirectUriPath: Joi.string().optional().default('/callback'),
+  loginPath: Joi.string().uri({relativeOnly: true}).optional().default('/login'),
+  logoutPath: Joi.string().uri({relativeOnly: true}).optional().default('/logout'),
+  redirectUriPath: Joi.string().uri({relativeOnly: true}).optional().default('/callback'),
   required: Joi.alternatives([ Joi.func(), Joi.boolean()]).optional().default(true),
   routes: Joi.boolean().optional().default(true),
 });
diff --git a/middleware/auth.js b/middleware/auth.js
index 0180675b..b7694dc2 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -10,6 +10,10 @@ const transient = require('../lib/transientHandler');
 const { RequestContext, ResponseContext } = require('../lib/context');
 const appSession = require('../lib/appSession');
 
+const enforceLeadingSlash = (path) => {
+  return '/' === path.split('')[0] ? path : '/' + path;
+};
+
 /**
  * Returns a router with two routes /login and /callback
  * 
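Review bot: The schema now accepts `loginPath`, `logoutPath` and `redirectUriPath` without a leading slash, but the validated config value is stored as given and only the `router.get` / `router[callbackMethod]` call sites in middleware/auth.js prepend the slash, so any other consumer of these fields (presumably `res.openid.getRedirectUri()`, which the callback hunk uses to build `redirect_uri` — confirm) still sees the slash-less value and can disagree with the route that was actually registered. Normalizing once in this file, wherever the schema is applied (outside the hunk), keeps a single source of truth: `for (const k of ['loginPath', 'logoutPath', 'redirectUriPath']) config[k] = config[k].startsWith('/') ? config[k] : \`/${config[k]}\`;`, after which the per-route helper in middleware/auth.js becomes unnecessary. Separately, `uri({relativeOnly: true})` still admits a query or fragment (e.g. `login?next=1`), and Express reads `?`, `*`, `+`, `(`, `)` and `:` in a route string as pattern syntax rather than literal path characters, so a path-only pattern would be a tighter validator for a value that becomes a route. The `paramsSchema` object begins before this hunk.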
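Review bot: `enforceLeadingSlash` inspects the first character via `path.split('')[0]`, which builds an array of every character to read one; `return path.startsWith('/') ? path : \`/${path}\`;` states the intent directly and drops the `+` concatenation. The helper is also a new module-level definition without a doc comment; a one-liner such as `/** Express route paths are absolute: prefix `path` with '/' unless it already has one. */` would tell the next reader why it exists. Its inputs are Joi-validated strings per lib/config.js, so no non-string guard is needed here.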
@@ -50,10 +54,10 @@ module.exports = function (params) {
   });
 
   if (config.routes) {
-    router.get(config.loginPath, express.urlencoded({ extended: false }), (req, res) => {
+    router.get(enforceLeadingSlash(config.loginPath), express.urlencoded({ extended: false }), (req, res) => {
       res.openid.login({ returnTo: config.baseURL });
     });
-    router.get(config.logoutPath, (req, res) => res.openid.logout());
+    router.get(enforceLeadingSlash(config.logoutPath), (req, res) => res.openid.logout());
   }
 
   let callbackMethod;
@@ -69,7 +73,7 @@ module.exports = function (params) {
     callbackMethod = 'get';
   }
 
-  router[callbackMethod](config.redirectUriPath, express.urlencoded({ extended: false }), cookieParser(), async (req, res, next) => {
+  router[callbackMethod](enforceLeadingSlash(config.redirectUriPath), express.urlencoded({ extended: false }), cookieParser(), async (req, res, next) => {
     next = cb(next).once();
     try {
       const redirect_uri = res.openid.getRedirectUri();
diff --git a/test/auth.tests.js b/test/auth.tests.js
index fb21d202..cb59ae7c 100644
--- a/test/auth.tests.js
+++ b/test/auth.tests.js
@@ -223,9 +223,9 @@ describe('auth', function() {
       clientID: '__test_client_id__',
       baseURL: 'https://example.org',
       issuerBaseURL: 'https://test.auth0.com',
-      redirectUriPath: '/custom-callback',
-      loginPath: '/custom-login',
-      logoutPath: '/custom-logout',
+      redirectUriPath: 'custom-callback',
+      loginPath: 'custom-login',
+      logoutPath: 'custom-logout',
     });
   baseUrl = await server.create(router);
 });
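Review bot: The test now registers only slash-less values, so the leading-slash form that worked before this commit loses its coverage even though the subject line promises both forms work. Keep the original `'/custom-callback'`, `'/custom-login'`, `'/custom-logout'` values in one case and add a second case with the bare values, asserting in both that the routes answer at `/custom-login`, `/custom-logout` and `/custom-callback`; a case for the `redirect_uri` the callback computes would also catch the un-normalized config value, if `res.openid.getRedirectUri()` reads `config.redirectUriPath` directly (confirm). The enclosing `describe('auth', …)` block and the assertions for these routes lie outside the hunk.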