Don't coerce http to https if requested.

Authress · Dec 24, 2023 · d086b2d · d086b2d
1 parent 2ae36c5
commit d086b2d
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 4 deletions.
diff --git a/src/extensionClient.js b/src/extensionClient.js
@@ -1,6 +1,7 @@
 const base64url = require('./base64url');
 
 const jwtManager = require('./jwtManager');
+const { sanitizeUrl } = require('./util');
 
 const AuthenticationRequestNonceKey = 'ExtensionRequestNonce';
 
@@ -23,7 +24,7 @@ class ExtensionClient {
       throw Error('Missing required property "extensionId" in ExtensionClient constructor. The extension is required for selecting the correct login method.');
     }
 
-    this.authressCustomDomain = `https://${authressCustomDomain.replace(/^(https?:\/+)/, '')}`;
+    this.authressCustomDomain = sanitizeUrl(authressCustomDomain);
     this.accessToken = null;
 
     window.onload = async () => {

diff --git a/src/httpClient.js b/src/httpClient.js
@@ -1,3 +1,5 @@
+const { sanitizeUrl } = require('./util');
+
 const defaultHeaders = {
   'Content-Type': 'application/json'
 };
@@ -43,7 +45,7 @@ class HttpClient {
     const logger = overrideLogger || { debug() {}, warn() {}, critical() {} };
     this.logger = logger;
 
-    const loginHostFullUrl = new URL(`https://${authressLoginCustomDomain.replace(/^(https?:\/+)/, '')}`);
+    const loginHostFullUrl = new URL(sanitizeUrl(authressLoginCustomDomain));
     this.loginUrl = `${loginHostFullUrl.origin}/api`;
   }
 

diff --git a/src/index.js b/src/index.js
@@ -3,6 +3,7 @@ const take = require('lodash.take');
 
 const HttpClient = require('./httpClient');
 const jwtManager = require('./jwtManager');
+const { sanitizeUrl } = require('./util');
 const userIdentityTokenStorageManager = require('./userIdentityTokenStorageManager');
 
 let userSessionResolver;
@@ -29,7 +30,7 @@ class LoginClient {
       throw Error('Missing required property "authressLoginHostUrl" in LoginClient constructor. Custom Authress Domain Host is required.');
     }
 
-    this.hostUrl = `https://${hostUrl.replace(/^(https?:\/+)/, '')}`;
+    this.hostUrl = sanitizeUrl(hostUrl);
     this.httpClient = new HttpClient(this.hostUrl, this.logger);
     this.lastSessionCheck = 0;
 

diff --git a/src/util.js b/src/util.js
@@ -0,0 +1,7 @@
+module.exports.sanitizeUrl = function sanitizeUrl(url) {
+  if (url.startsWith('http')) {
+    return url;
+  }
+
+  return `https://${url}`;
+};
diff --git a/tests/index.test.js b/tests/index.test.js
@@ -22,7 +22,7 @@ describe('index.js', () => {
         yield {
           name: 'loginHost set correctly from http',
           url: 'http://login.test.com',
-          expectedBaseUrl: 'https://login.test.com/api'
+          expectedBaseUrl: 'http://login.test.com/api'
         };
 
         yield {