Keep the CLI localhost listener running after requests with wrong verb

Just in case some future browser change sends some new kind of request to our CLI, just ignore them by returning StatusMethodNotAllowed and continuing to listen.
2022-02-07 13:32:31 -08:00 · 2022-02-07 13:32:31 -08:00 · 3c7e387137
parent 7b97f1533e
commit 3c7e387137
2 changed files with 21 additions and 14 deletions
--- a/pkg/oidcclient/login.go
+++ b/pkg/oidcclient/login.go
@ -868,10 +868,12 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req

 		// Return HTTP 405 for anything that's not a POST.
 		if r.Method != http.MethodPost {
-			return httperr.Newf(http.StatusMethodNotAllowed, "wanted POST but got %s", r.Method)
+			h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return nil // keep listening for more requests
 		}

-		// Parse and pull the response parameters from a application/x-www-form-urlencoded request body.
+		// Parse and pull the response parameters from an application/x-www-form-urlencoded request body.
 		if err := r.ParseForm(); err != nil {
 			return httperr.Wrap(http.StatusBadRequest, "invalid form", err)
 		}
@ -879,7 +881,9 @@ func (h *handlerState) handleAuthCodeCallback(w http.ResponseWriter, r *http.Req
 	} else {
 		// Return HTTP 405 for anything that's not a GET.
 		if r.Method != http.MethodGet {
-			return httperr.Newf(http.StatusMethodNotAllowed, "wanted GET but got %s", r.Method)
+			h.logger.V(debugLogLevel).Info("Pinniped: Got unexpected request on callback listener", "method", r.Method)
+			w.WriteHeader(http.StatusMethodNotAllowed)
+			return nil // keep listening for more requests
 		}

 		// Pull response parameters from the URL query string.
--- a/pkg/oidcclient/login_test.go
+++ b/pkg/oidcclient/login_test.go
@ -1881,18 +1881,18 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 		wantHeaders     http.Header
 	}{
 		{
-			name:           "wrong method",
+			name:            "wrong method returns an error but keeps listening",
 			method:          http.MethodPost,
 			query:           "",
-			wantErr:        "wanted GET but got POST",
+			wantNoCallbacks: true,
 			wantHTTPStatus:  http.StatusMethodNotAllowed,
 		},
 		{
-			name:           "wrong method for form_post",
+			name:            "wrong method for form_post returns an error but keeps listening",
 			method:          http.MethodGet,
 			query:           "",
 			opt:             withFormPostMode,
-			wantErr:        "wanted POST but got GET",
+			wantNoCallbacks: true,
 			wantHTTPStatus:  http.StatusMethodNotAllowed,
 		},
 		{
@ -2098,6 +2098,7 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 				require.Equal(t, tt.wantHeaders, resp.Header())
 			}

+			gotCallback := false
 			select {
 			case <-time.After(1 * time.Second):
 				if !tt.wantNoCallbacks {
@ -2111,7 +2112,9 @@ func TestHandleAuthCodeCallback(t *testing.T) {
 				require.NoError(t, result.err)
 				require.NotNil(t, result.token)
 				require.Equal(t, result.token.IDToken.Token, "test-id-token")
+				gotCallback = true
 			}
+			require.Equal(t, tt.wantNoCallbacks, !gotCallback)
 		})
 	}
 }