
SWA auth emulator does not handle `post_login_redirect_uri=.referrer`

Open thsackos opened this issue 3 years ago • 3 comments

Are you accessing the CLI from the default port :4280 ?

  • [ ] No, I am using a different port number (--port) and accessing the CLI from that port
  • [x] Yes, I am accessing the CLI from port :4280

Describe the bug

According to the documentation, the staticwebapp.config.json supports a .referrer redirect for the auth routes. The .referrer should be replaced by the route the user was attempting to access before the auth redirect.

However, the SWA emulator (and auth emulator page?) treat the redirect path as a plain string. It is not substituted by the expected path.

To Reproduce

  1. Create a static web app. Restrict access using routes in staticwebapp.config.json. Users must be authenticated to access any page.
    • { "route": "/*", "allowedRoles": ["authenticated"] }
  2. Provide an auth redirect for any unauthorized response using responseOverrides in staticwebapp.config.json.
    • "responseOverrides":{"401":{"statusCode":302,"redirect":"/.auth/login/aad?post_login_redirect_uri=.referrer"}}
  3. User loads GET http://localhost:4280/my-application-path?data=x
  4. User is not authenticated and does not meet required allowedRoles.
  5. User is redirected to auth emulator page at http://localhost:4280/.auth/login/aad?post_login_redirect_uri=.referrer [10]
  6. User clicks "Login" in the emulator.
  7. Page is stuck in infinite loading loop. Page does not leave login emulator. SWA is attempting to use the .referrer as a valid application path, instead of replacing it with the actual path. [11]

Expected behavior

  10. Emulator should redirect user to authenticate at route http://localhost:4280/.auth/login/aad?post_login_redirect_uri=my-application-path%3Fdata%3Dx instead.
  11. After clicking "Login" the emulator redirects the user to GET http://localhost:4280/my-application-path?data=x.

Relevant Logs:

[swa] ------------------- processing route -------------------
[swa] --------------------------------------------------------
[swa] processing /.auth/login/.referrer
...
[swa] - matchingRouteRule:
[swa]   - route: /*
[swa]  - allowedRoles:
[swa]    - 0: authenticated
[swa] checking auth request
[swa]  - auth request detected
[swa] processing auth request
[swa]  - auth returned 404
[swa] checking response overrides for status code 404
[swa]  - no rules found.
[swa] GET http://localhost:4280/404.html - 404
[swa] GET http://localhost:4280/404.html - 404

Desktop (please complete the following information):

  • OS: Windows
  • Version 11

thsackos avatar Aug 09 '22 16:08 thsackos

My cursory reading of the code leads me to believe that this line of code should be aware of the "=.referrer" behavior defined in the documentation.

thsackos avatar Aug 09 '22 18:08 thsackos

Opened a PR with a draft solution to the problem described above ^.

thsackos avatar Aug 09 '22 22:08 thsackos

Thanks for your contribution @thsackos!! We will get your PR reviewed and merged soon! Keep coding! :)

Reshmi-Sriram avatar Aug 12 '22 08:08 Reshmi-Sriram

Hey @thsackos , thanks for your PR, we'll review this and merge the PR as soon as possible.

sgollapudi77 avatar Aug 18 '22 10:08 sgollapudi77