Merge pull request #1072 from microsoft/fix/https-localhost

Allow https on localhost URLs
microsoft · Feb 9, 2024 · 5689ba4 · 5689ba4
2 parents 503ff61 + 9dd4bba
commit 5689ba4
Show file tree

Hide file tree

Showing 5 changed files with 62 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+## [1.0.1] - 2024-02-09
+
+### Changed
+
+- Allow authentication for localhost HTTP urls
+
 ## [1.0.0] - 2024-02-07
 
 ### Changed

diff --git a/components/authentication/azure/gradle/dependencies.gradle b/components/authentication/azure/gradle/dependencies.gradle
@@ -1,6 +1,7 @@
 dependencies {
     // Use JUnit Jupiter API for testing.
     testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2'
+    testImplementation 'org.junit.jupiter:junit-jupiter-params:5.10.2'
     testImplementation 'org.mockito:mockito-inline:5.2.0'
 
 

diff --git a/...re/src/main/java/com/microsoft/kiota/authentication/AzureIdentityAccessTokenProvider.java b/...re/src/main/java/com/microsoft/kiota/authentication/AzureIdentityAccessTokenProvider.java
@@ -16,7 +16,9 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Objects;
 
@@ -26,6 +28,8 @@ public class AzureIdentityAccessTokenProvider implements AccessTokenProvider {
     private final List<String> _scopes;
     private final AllowedHostsValidator _hostValidator;
     private final ObservabilityOptions _observabilityOptions;
+    private static final HashSet<String> localhostStrings =
+            new HashSet<>(Arrays.asList("localhost", "[::1]", "::1", "127.0.0.1"));
 
     /**
      * Creates a new instance of AzureIdentityAccessTokenProvider.
@@ -102,7 +106,7 @@ public AzureIdentityAccessTokenProvider(
                 span.setAttribute("com.microsoft.kiota.authentication.is_url_valid", false);
                 return "";
             }
-            if (!uri.getScheme().equalsIgnoreCase("https")) {
+            if (!uri.getScheme().equalsIgnoreCase("https") && !isLocalhostUrl(uri.getHost())) {
                 span.setAttribute("com.microsoft.kiota.authentication.is_url_valid", false);
                 throw new IllegalArgumentException("Only https is supported");
             }
@@ -146,4 +150,9 @@ public AzureIdentityAccessTokenProvider(
     @Nonnull public AllowedHostsValidator getAllowedHostsValidator() {
         return _hostValidator;
     }
+
+    private static boolean isLocalhostUrl(@Nonnull String host) {
+        Objects.requireNonNull(host);
+        return localhostStrings.contains(host.toLowerCase(Locale.ROOT));
+    }
 }
diff --git a/...rc/test/java/com/microsoft/kiota/authentication/AzureIdentityAccessTokenProviderTest.java b/...rc/test/java/com/microsoft/kiota/authentication/AzureIdentityAccessTokenProviderTest.java
@@ -0,0 +1,44 @@
+package com.microsoft.kiota.authentication;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+
+import com.azure.core.credential.AccessToken;
+import com.azure.core.credential.TokenCredential;
+import com.azure.core.credential.TokenRequestContext;
+
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+
+public class AzureIdentityAccessTokenProviderTest {
+
+    @ParameterizedTest
+    @ValueSource(
+            strings = {"http://localhost:80/me", "http://127.0.0.1/me", "http://[::1]:8080/me"})
+    void testLocalhostHttpUrlIsValid(String urlString) throws URISyntaxException {
+        var tokenCredential = mock(TokenCredential.class);
+        when(tokenCredential.getTokenSync(any(TokenRequestContext.class)))
+                .thenReturn(new AccessToken("token", null));
+        var accessTokenProvider = new AzureIdentityAccessTokenProvider(tokenCredential, null, "");
+        assertEquals(
+                "token",
+                accessTokenProvider.getAuthorizationToken(new URI(urlString), new HashMap<>()));
+    }
+
+    @ParameterizedTest
+    @ValueSource(strings = {"http://graph.microsoft.com/me"})
+    void testNonLocalhostHttpUrlIsInvalid(String urlString) {
+        var tokenCredential = mock(TokenCredential.class);
+        var accessTokenProvider = new AzureIdentityAccessTokenProvider(tokenCredential, null, "");
+        assertThrows(
+                IllegalArgumentException.class,
+                () ->
+                        accessTokenProvider.getAuthorizationToken(
+                                new URI(urlString), new HashMap<>()));
+    }
+}
diff --git a/gradle.properties b/gradle.properties
@@ -26,7 +26,7 @@ org.gradle.caching=true
 mavenGroupId         = com.microsoft.kiota
 mavenMajorVersion = 1
 mavenMinorVersion = 0
-mavenPatchVersion = 0
+mavenPatchVersion = 1
 mavenArtifactSuffix = 
 
 #These values are used to run functional tests