From 9f0d048114d3d2c4f4f70d5e560eaeb84d7497ab Mon Sep 17 00:00:00 2001
From: Andrew Martinez
Date: Fri, 17 Jan 2025 10:25:25 -0500
Subject: [PATCH] fixes #2659 OIDC login panics on invalid media types

---
 controller/oidc_auth/login.go | 2 +-
 controller/oidc_auth/negotiate.go | 2 +-
 tests/auth_oidc_test.go | 23 ++++++++++++++++++-----
 3 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/controller/oidc_auth/login.go b/controller/oidc_auth/login.go
index 5d7625592..344e48950 100644
--- a/controller/oidc_auth/login.go
+++ b/controller/oidc_auth/login.go
@@ -283,7 +283,7 @@ func (l *login) authenticate(w http.ResponseWriter, r *http.Request) {
 apiErr := parsePayload(r, credentials)
 if apiErr != nil {
- renderJsonError(w, err)
+ renderJsonError(w, apiErr)
 return
 }
diff --git a/controller/oidc_auth/negotiate.go b/controller/oidc_auth/negotiate.go
index 9294599f3..741ddd322 100644
--- a/controller/oidc_auth/negotiate.go
+++ b/controller/oidc_auth/negotiate.go
@@ -43,7 +43,7 @@ func negotiateBodyContentType(r *http.Request) (string, *errorz.ApiError) {
 Code: "UNSUPPORTED_MEDIA_TYPE",
 Message: fmt.Sprintf("the content type: %s, is not supported (supported: %s, %s)", contentType, FormContentType, JsonContentType),
- Status: 0,
+ Status: http.StatusUnsupportedMediaType,
 Cause: nil,
 AppendCause: false,
 }
diff --git a/tests/auth_oidc_test.go b/tests/auth_oidc_test.go
index c01dd64e6..82ac74b52 100644
--- a/tests/auth_oidc_test.go
+++ b/tests/auth_oidc_test.go
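Review bot: The `Message` of the UNSUPPORTED_MEDIA_TYPE error still interpolates `contentType` with `%s`, so whatever the caller supplied in that field (presumably the request's Content-Type header; negotiateBodyContentType's body starts outside the hunk) is echoed into the response body undelimited and unescaped. Using `%q` keeps the reflected value quoted and escaped while leaving the two constants readable: `Message: fmt.Sprintf("the content type: %q, is not supported (supported: %s, %s)", contentType, FormContentType, JsonContentType),`. Replacing the zero `Status` with `http.StatusUnsupportedMediaType` is the right fix for the status side; the login.go hunk's `apiErr` correction needs no further change.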
@@ -146,11 +146,24 @@ func Test_Authenticate_OIDC_Auth(t *testing.T) {
 rpServer.Start()
 defer rpServer.Stop()
- //clientApiUrl, err := url.Parse("https://" + ctx.ApiHost + EdgeClientApiPath)
- //ctx.Req.NoError(err)
- //
- //managementApiUrl, err := url.Parse("https://" + ctx.ApiHost + EdgeManagementApiPath)
- //ctx.Req.NoError(err)
+ t.Run("attempt to auth with multipart form data, expect unsupported media type", func(t *testing.T) {
+ ctx.testContextChanged(t)
+
+ client := resty.NewWithClient(ctx.NewHttpClient(ctx.NewTransport()))
+ client.SetRedirectPolicy(resty.DomainCheckRedirectPolicy("127.0.0.1", "localhost"))
+
+ loginPath := "https://" + ctx.ApiHost + "/oidc/login/password?authRequestID=12345"
+
+ ctx.Req.NoError(err)
+ ctx.Req.NotEmpty(loginPath)
+
+ resp, err := client.R().SetMultipartFormData(map[string]string{
+ "username": "admin",
+ "password": "admin",
+ }).Post(loginPath)
+ ctx.Req.NoError(err)
+ ctx.Req.Equal(http.StatusUnsupportedMediaType, resp.StatusCode())
+ })
 t.Run("updb", func(t *testing.T) {
 ctx.testContextChanged(t)
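Review bot: `ctx.Req.NoError(err)` in the new multipart subtest asserts an `err` that nothing in the subtest has assigned yet — `resp, err := ...` only appears three lines later — so it checks whichever outer `err` is in scope (the enclosing Test_Authenticate_OIDC_Auth starts outside the hunk), and `ctx.Req.NotEmpty(loginPath)` tests a string built from literals that cannot be empty. Both lines look like leftovers of the removed url.Parse block and should be deleted. The subtest also pins only the status code; asserting the error payload as well, e.g. `ctx.Req.Contains(resp.String(), "UNSUPPORTED_MEDIA_TYPE")`, would catch a regression where the handler returns 415 with an empty or different body, which is the failure mode #2659 was about.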