fix issuer (#1260)

* fix issuer * fix warning
AzureAD · Jun 10, 2021 · dcd9981 · dcd9981
1 parent a8ba54f
commit dcd9981
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 63 deletions.
diff --git a/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml b/src/Microsoft.Identity.Web/Microsoft.Identity.Web.xml
diff --git a/src/Microsoft.Identity.Web/Resource/AadIssuerValidator.cs b/src/Microsoft.Identity.Web/Resource/AadIssuerValidator.cs
@@ -74,7 +74,26 @@ public string Validate(
                 throw new SecurityTokenInvalidIssuerException(IDWebErrorMessage.TenantIdClaimNotPresentInToken);
             }
 
-            if (validationParameters.ValidIssuers == null && validationParameters.ValidIssuer == null)
+            if (validationParameters.ValidIssuers != null)
+            {
+                foreach (var validIssuerTemplate in validationParameters.ValidIssuers)
+                {
+                    if (IsValidIssuer(validIssuerTemplate, tenantId, actualIssuer))
+                    {
+                        return actualIssuer;
+                    }
+                }
+            }
+
+            if (validationParameters.ValidIssuer != null)
+            {
+                if (IsValidIssuer(validationParameters.ValidIssuer, tenantId, actualIssuer))
+                {
+                    return actualIssuer;
+                }
+            }
+
+            try
             {
                 if (securityToken.Issuer.EndsWith("v2.0", StringComparison.OrdinalIgnoreCase))
                 {
@@ -105,24 +124,8 @@ public string Validate(
                     }
                 }
             }
-
-            if (validationParameters.ValidIssuers != null)
-            {
-                foreach (var validIssuerTemplate in validationParameters.ValidIssuers)
-                {
-                    if (IsValidIssuer(validIssuerTemplate, tenantId, actualIssuer))
-                    {
-                        return actualIssuer;
-                    }
-                }
-            }
-
-            if (validationParameters.ValidIssuer != null)
+            catch
             {
-                if (IsValidIssuer(validationParameters.ValidIssuer, tenantId, actualIssuer))
-                {
-                    return actualIssuer;
-                }
             }
 
             // If a valid issuer is not found, throw

diff --git a/tests/Microsoft.Identity.Web.Test/Resource/MicrosoftIdentityIssuerValidatorTests.cs b/tests/Microsoft.Identity.Web.Test/Resource/MicrosoftIdentityIssuerValidatorTests.cs
@@ -250,50 +250,6 @@ public void Validate_TidClaimInToken_ReturnsIssuer()
             Assert.Equal(TestConstants.AadIssuer, actualIssuer);
         }
 
-        [Fact]
-        public void Validate_NotMatchedIssuer_ThrowsException()
-        {
-            var validator = new AadIssuerValidator(null, _httpClientFactory, TestConstants.AadIssuer);
-            var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
-            var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
-            var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
-            var expectedErrorMessage = string.Format(
-                    CultureInfo.InvariantCulture,
-                    IDWebErrorMessage.IssuerDoesNotMatchValidIssuers,
-                    TestConstants.AadIssuer);
-
-            var exception = Assert.Throws<SecurityTokenInvalidIssuerException>(() =>
-                validator.Validate(TestConstants.AadIssuer, jwtSecurityToken, new TokenValidationParameters() { ValidIssuer = TestConstants.B2CIssuer }));
-            Assert.Equal(expectedErrorMessage, exception.Message);
-        }
-
-        [Fact]
-        public void Validate_NotMatchedToMultipleIssuers_ThrowsException()
-        {
-            var validator = new AadIssuerValidator(null, _httpClientFactory, TestConstants.AadIssuer);
-            var issClaim = new Claim(TestConstants.ClaimNameIss, TestConstants.AadIssuer);
-            var tidClaim = new Claim(TestConstants.ClaimNameTid, TestConstants.TenantIdAsGuid);
-            var jwtSecurityToken = new JwtSecurityToken(issuer: TestConstants.AadIssuer, claims: new[] { issClaim, tidClaim });
-            var expectedErrorMessage = string.Format(
-                    CultureInfo.InvariantCulture,
-                    IDWebErrorMessage.IssuerDoesNotMatchValidIssuers,
-                    TestConstants.AadIssuer);
-
-            var exception = Assert.Throws<SecurityTokenInvalidIssuerException>(() =>
-                validator.Validate(
-                    TestConstants.AadIssuer,
-                    jwtSecurityToken,
-                    new TokenValidationParameters()
-                    {
-                        ValidIssuers = new[]
-                        {
-                            "https://host1/{tenantid}/v2.0",
-                            "https://host2/{tenantid}/v2.0",
-                        },
-                    }));
-            Assert.Equal(expectedErrorMessage, exception.Message);
-        }
-
         // Regression test for https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore-v2/issues/68
         // Similar to Validate_NotMatchedToMultipleIssuers_ThrowsException but uses B2C values
         [Fact]