Skip to content

Failing Config validation for invalid claims in SWA #1016

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 6, 2022
Merged

Failing Config validation for invalid claims in SWA #1016

merged 4 commits into from
Dec 6, 2022

Conversation

@ayush3797
Copy link
Contributor

@ayush3797 ayush3797 commented Dec 6, 2022
edited
Loading

Why make this change?

Currently the payload for SWA in X-MS-CLIENT-PRINCIPAL header does not contain any claims. We self-populate claims like userId and userDetails into the ClaimsPrincipal object ourselves and hence any claim other than these 2 referenced in the database policy should lead to a config validation error.
The changes made in this PR are to address the same.

What is this change?

An additional check is added to database policy validation where the validation would fail if any claim other than userId or userDetails is referenced when the authentication provider is StaticWebApps.

How was this tested?

  • Integration Tests - Passing of existing tests confirm the correctness of the change.
  • Unit Tests - Test TestInvalidClaimsForStaticWebApps is added in ConfigValidationUnitTests class to unit test the change.

@ayush3797 ayush3797 self-assigned this Dec 6, 2022
@ayush3797 ayush3797 added the auth label Dec 6, 2022
@ayush3797 ayush3797 linked an issue Dec 6, 2022 that may be closed by this pull request
Claims other than userId and userDetails should not be referenced in db policy for SWA #1009
Closed
@ayush3797 ayush3797 marked this pull request as ready for review December 6, 2022 08:55
@ayush3797 ayush3797 changed the title Failing validation for invalid claims in SWA Failing Config validation for invalid claims in SWA Dec 6, 2022
Aniruddh25
Aniruddh25 reviewed Dec 6, 2022
View reviewed changes
Aniruddh25
Aniruddh25 approved these changes Dec 6, 2022
View reviewed changes
Copy link
Collaborator

@Aniruddh25 Aniruddh25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the quick fix! Can even make it to Nov2022 now :)

abhishekkumams
abhishekkumams approved these changes Dec 6, 2022
View reviewed changes
Copy link
Contributor

@abhishekkumams abhishekkumams left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ayush3797 ayush3797 merged commit 8a0d2e3 into main Dec 6, 2022
@ayush3797 ayush3797 deleted the dev/agarwalayush/invalidClaimsinSWA branch December 6, 2022 09:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aniruddh25 Aniruddh25 Aniruddh25 approved these changes

@mbhaskar mbhaskar Awaiting requested review from mbhaskar

@JelteF JelteF Awaiting requested review from JelteF

@seantleonard seantleonard Awaiting requested review from seantleonard

@jarupatj jarupatj Awaiting requested review from jarupatj

@Mathos1432 Mathos1432 Awaiting requested review from Mathos1432

@gledis69 gledis69 Awaiting requested review from gledis69

@aaronburtle aaronburtle Awaiting requested review from aaronburtle aaronburtle is a code owner

@milismsft milismsft Awaiting requested review from milismsft

@junsu0ms junsu0ms Awaiting requested review from junsu0ms

@tarazou9 tarazou9 Awaiting requested review from tarazou9

@aaronpowell aaronpowell Awaiting requested review from aaronpowell

@severussundar severussundar Awaiting requested review from severussundar

@ravishetye ravishetye Awaiting requested review from ravishetye

+1 more reviewer

@abhishekkumams abhishekkumams abhishekkumams approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ayush3797 ayush3797

Labels

auth

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Claims other than userId and userDetails should not be referenced in db policy for SWA

4 participants

@ayush3797 @Aniruddh25 @abhishekkumams