Fix WithTenantID("adfs") regression (#529)

chlowell · web-flow · commit 9bf4a83bb1af · 2024-11-06T12:08:36.000-08:00
diff --git a/apps/internal/oauth/ops/authority/authority.go b/apps/internal/oauth/ops/authority/authority.go
@@ -380,8 +380,9 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD
 		return Info{}, errors.New(`authority must be an URL such as "https://login.microsoftonline.com/<your tenant>"`)
 	}
 
-	var authorityType, tenant string
-	switch pathParts[1] {
+	authorityType := AAD
+	tenant := pathParts[1]
+	switch tenant {
 	case "adfs":
 		authorityType = ADFS
 	case "dstsv2":
@@ -393,9 +394,6 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD
 		}
 		authorityType = DSTS
 		tenant = DSTSTenant
-	default:
-		authorityType = AAD
-		tenant = pathParts[1]
 	}
 
 	// u.Host includes the port, if any, which is required for private cloud deployments
diff --git a/apps/internal/oauth/ops/authority/authority_test.go b/apps/internal/oauth/ops/authority/authority_test.go
@@ -330,8 +330,8 @@ func TestAuthorityParsing(t *testing.T) {
 	}{
 		"AAD with slash":     {"https://login.microsoftonline.com/common/", "MSSTS", "https://login.microsoftonline.com/common/", "common"},
 		"AAD without slash":  {"https://login.microsoftonline.com/common", "MSSTS", "https://login.microsoftonline.com/common/", "common"},
-		"ADFS with slash":    {"https://adfs.example.com/adfs/", "ADFS", "https://adfs.example.com/adfs/", ""},
-		"ADFS without slash": {"https://adfs.example.com/adfs", "ADFS", "https://adfs.example.com/adfs/", ""},
+		"ADFS with slash":    {"https://adfs.example.com/adfs/", "ADFS", "https://adfs.example.com/adfs/", "adfs"},
+		"ADFS without slash": {"https://adfs.example.com/adfs", "ADFS", "https://adfs.example.com/adfs/", "adfs"},
 		"dSTS with slash":    {dSTSWithSlash, "DSTS", dSTSWithSlash, DSTSTenant},
 		"dSTS without slash": {dSTSNoSlash, "DSTS", dSTSWithSlash, DSTSTenant},
 	}
@@ -364,6 +364,7 @@ func TestAuthParamsWithTenant(t *testing.T) {
 	}{
 		"do nothing if tenant override is empty":          {authority: host + uuid1, tenant: "", expectedAuthority: host + uuid1},
 		"do nothing if tenant override is empty for ADFS": {authority: host + "adfs", tenant: "", expectedAuthority: host + "adfs"},
+		`do nothing if tenant override is adfs for ADFS`:  {authority: host + "adfs", tenant: "adfs", expectedAuthority: host + "adfs"},
 		"do nothing if tenant override equals tenant":     {authority: host + uuid1, tenant: uuid1, expectedAuthority: host + uuid1},
 
 		"override common to tenant":        {authority: host + "common", tenant: uuid1, expectedAuthority: host + uuid1},

Original file line number	Diff line number	Diff line change
`@@ -380,8 +380,9 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD`
`380`	`380`	return Info{}, errors.New(`authority must be an URL such as "https://login.microsoftonline.com/<your tenant>"`)
`381`	`381`	`}`
`382`	`382`
`383`		`- var authorityType, tenant string`
`384`		`- switch pathParts[1] {`
	`383`	`+ authorityType := AAD`
	`384`	`+ tenant := pathParts[1]`
	`385`	`+ switch tenant {`
`385`	`386`	`case "adfs":`
`386`	`387`	`authorityType = ADFS`
`387`	`388`	`case "dstsv2":`
`@@ -393,9 +394,6 @@ func NewInfoFromAuthorityURI(authority string, validateAuthority bool, instanceD`
`393`	`394`	`}`
`394`	`395`	`authorityType = DSTS`
`395`	`396`	`tenant = DSTSTenant`
`396`		`- default:`
`397`		`- authorityType = AAD`
`398`		`- tenant = pathParts[1]`
`399`	`397`	`}`
`400`	`398`
`401`	`399`	`// u.Host includes the port, if any, which is required for private cloud deployments`