fix: resolve discovery URIs one by one to yield consistent results

closes #260 closes #267
panva · Mar 7, 2021 · 6b18218 · 6b18218
1 parent b495b22
commit 6b18218
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 32 deletions.
diff --git a/lib/issuer.js b/lib/issuer.js
@@ -3,8 +3,8 @@
 const { inspect } = require('util');
 const url = require('url');
 
+const AggregateError = require('aggregate-error');
 const jose = require('jose');
-const pAny = require('p-any');
 const LRU = require('lru-cache');
 const objectHash = require('object-hash');
 
@@ -240,40 +240,46 @@ class Issuer {
       });
     }
 
-    const uris = [];
-    if (parsed.pathname === '/') {
-      uris.push(`${OAUTH2_DISCOVERY}`);
+    const pathnames = [];
+    if (parsed.pathname.endsWith('/')) {
+      pathnames.push(`${parsed.pathname}${OIDC_DISCOVERY.substring(1)}`);
     } else {
-      uris.push(`${OAUTH2_DISCOVERY}${parsed.pathname}`);
+      pathnames.push(`${parsed.pathname}${OIDC_DISCOVERY}`);
     }
-    if (parsed.pathname.endsWith('/')) {
-      uris.push(`${parsed.pathname}${OIDC_DISCOVERY.substring(1)}`);
+    if (parsed.pathname === '/') {
+      pathnames.push(`${OAUTH2_DISCOVERY}`);
     } else {
-      uris.push(`${parsed.pathname}${OIDC_DISCOVERY}`);
+      pathnames.push(`${OAUTH2_DISCOVERY}${parsed.pathname}`);
     }
 
-    return pAny(uris.map(async (pathname) => {
-      const wellKnownUri = url.format({ ...parsed, pathname });
-      const response = await request.call(this, {
-        method: 'GET',
-        responseType: 'json',
-        url: wellKnownUri,
-      });
-      const body = processResponse(response);
-      return new Issuer({
-        ...ISSUER_DEFAULTS,
-        ...body,
-        [AAD_MULTITENANT]: !!AAD_MULTITENANT_DISCOVERY.find(
-          (discoveryURL) => wellKnownUri.startsWith(discoveryURL),
-        ),
-      });
-    })).catch((err) => {
-      if (err instanceof pAny.AggregateError) {
-        err.message = `Issuer.discover() failed.${err.message.split('\n')
-          .filter((line) => !line.startsWith('        at')).join('\n')}`;
+    const errors = [];
+    // eslint-disable-next-line no-restricted-syntax
+    for (const pathname of pathnames) {
+      try {
+        const wellKnownUri = url.format({ ...parsed, pathname });
+        // eslint-disable-next-line no-await-in-loop
+        const response = await request.call(this, {
+          method: 'GET',
+          responseType: 'json',
+          url: wellKnownUri,
+        });
+        const body = processResponse(response);
+        return new Issuer({
+          ...ISSUER_DEFAULTS,
+          ...body,
+          [AAD_MULTITENANT]: !!AAD_MULTITENANT_DISCOVERY.find(
+            (discoveryURL) => wellKnownUri.startsWith(discoveryURL),
+          ),
+        });
+      } catch (err) {
+        errors.push(err);
       }
-      throw err;
-    });
+    }
+
+    const err = new AggregateError(errors);
+    err.message = `Issuer.discover() failed.${err.message.split('\n')
+      .filter((line) => !line.startsWith('        at')).join('\n')}`;
+    throw err;
   }
 
   /* istanbul ignore next */

diff --git a/package.json b/package.json
@@ -63,13 +63,13 @@
     ]
   },
   "dependencies": {
+    "aggregate-error": "^3.1.0",
     "got": "^11.8.0",
     "jose": "^2.0.4",
     "lru-cache": "^6.0.0",
     "make-error": "^1.3.6",
     "object-hash": "^2.0.1",
-    "oidc-token-hash": "^5.0.1",
-    "p-any": "^3.0.0"
+    "oidc-token-hash": "^5.0.1"
   },
   "devDependencies": {
     "@commitlint/cli": "^11.0.0",

diff --git a/test/issuer/discover_webfinger.test.js b/test/issuer/discover_webfinger.test.js
@@ -286,7 +286,7 @@ describe('Issuer#webfinger()', () => {
       await Issuer.webfinger('joe@opemail.example.com');
 
       expect(nock.isDone()).to.be.true;
-      sinon.assert.callCount(httpOptions, 3);
+      sinon.assert.callCount(httpOptions, 2);
     });
   });
 });