Keep the CLI localhost listener running after requests with wrong verb

Just in case some future browser change sends some new kind of request
to our CLI, ignore such requests by returning StatusMethodNotAllowed and
continuing to listen.
Ryan Richard 2022-02-07 13:32:31 -08:00
parent 7b97f1533e
commit 3c7e387137
2 changed files with 21 additions and 14 deletions


@ -868,10 +868,12 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
// Return HTTP 405 for anything that's not a POST.
if r.Method != http.MethodPost {
return httperr.Newf(http.StatusMethodNotAllowed, "wanted POST but got %s", r.Method)
h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
w.WriteHeader(http.StatusMethodNotAllowed)
return nil // keep listening for more requests
}
// Parse and pull the response parameters from a application/x-www-form-urlencoded request body.
// Parse and pull the response parameters from an application/x-www-form-urlencoded request body.
if err := r.ParseForm(); err != nil {
return httperr.Wrap(http.StatusBadRequest, "invalid form", err)
}
@ -879,7 +881,9 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
} else {
// Return HTTP 405 for anything that's not a GET.
if r.Method != http.MethodGet {
return httperr.Newf(http.StatusMethodNotAllowed, "wanted GET but got %s", r.Method)
h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
w.WriteHeader(http.StatusMethodNotAllowed)
return nil // keep listening for more requests
}
// Pull response parameters from the URL query string.
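Review bot: Both new 405 branches (the POST check for form_post mode and the GET check in the `else` branch) call `w.WriteHeader(http.StatusMethodNotAllowed)` without an `Allow` header, which RFC 9110 requires on a 405 response. Adding `w.Header().Set("Allow", http.MethodPost)` (and `http.MethodGet` in the other branch) before `WriteHeader` would fix that. The unexpected request is recorded only at `debugLogLevel`, so at default verbosity a stray or probing request against the localhost callback listener leaves no trace. The `r.ParseForm()` failure just below still returns an `httperr`, which presumably still ends the listener, so a POST with a malformed body is not covered by this change; worth confirming that is intended. handleAuthCodeCallback starts and ends outside these hunks.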


@ -1881,19 +1881,19 @@ func TestHandleAuthCodeCallback(t *testing.T) {
wantHeaders http.Header
}{
{
name: "wrong method",
method: http.MethodPost,
query: "",
wantErr: "wanted GET but got POST",
wantHTTPStatus: http.StatusMethodNotAllowed,
name: "wrong method returns an error but keeps listening",
method: http.MethodPost,
query: "",
wantNoCallbacks: true,
wantHTTPStatus: http.StatusMethodNotAllowed,
},
{
name: "wrong method for form_post",
method: http.MethodGet,
query: "",
opt: withFormPostMode,
wantErr: "wanted POST but got GET",
wantHTTPStatus: http.StatusMethodNotAllowed,
name: "wrong method for form_post returns an error but keeps listening",
method: http.MethodGet,
query: "",
opt: withFormPostMode,
wantNoCallbacks: true,
wantHTTPStatus: http.StatusMethodNotAllowed,
},
{
name: "invalid form for form_post",
@ -2098,6 +2098,7 @@ func TestHandleAuthCodeCallback(t *testing.T) {
require.Equal(t, tt.wantHeaders, resp.Header())
}
gotCallback := false
select {
case <-time.After(1 * time.Second):
if !tt.wantNoCallbacks {
@ -2111,7 +2112,9 @@ func TestHandleAuthCodeCallback(t *testing.T) {
require.NoError(t, result.err)
require.NotNil(t, result.token)
require.Equal(t, result.token.IDToken.Token, "test-id-token")
gotCallback = true
}
require.Equal(t, tt.wantNoCallbacks, !gotCallback)
})
}
}
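Review bot: The two renamed cases claim the handler "keeps listening", but they only assert the 405 status and, via `require.Equal(t, tt.wantNoCallbacks, !gotCallback)`, that no callback arrived within the one-second `time.After` window. Nothing sends a second, valid request to the same handler state to show that the login can still complete after the rejected one. A follow-up case that issues a wrong-method request and then a valid callback, expecting `test-id-token`, would pin the behaviour the commit title promises. The new debug log line is also not asserted in the visible lines. The test table and the body of TestHandleAuthCodeCallback begin outside these hunks.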