From d086b2dc23e859f6d57467bd7423e588ecfa04ed Mon Sep 17 00:00:00 2001
From: Warren Parad <gpg@warrenparad.net>
Date: Sun, 24 Dec 2023 16:26:42 +0100
Subject: [PATCH] Don't coerce http to https if requested.

---
 src/extensionClient.js | 3 ++-
 src/httpClient.js      | 4 +++-
 src/index.js           | 3 ++-
 src/util.js            | 7 +++++++
 tests/index.test.js    | 2 +-
 5 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 src/util.js

diff --git a/src/extensionClient.js b/src/extensionClient.js
index 1c33229..4429661 100644
--- a/src/extensionClient.js
+++ b/src/extensionClient.js
@@ -1,6 +1,7 @@
 const base64url = require('./base64url');
 
 const jwtManager = require('./jwtManager');
+const { sanitizeUrl } = require('./util');
 
 const AuthenticationRequestNonceKey = 'ExtensionRequestNonce';
 
@@ -23,7 +24,7 @@ class ExtensionClient {
       throw Error('Missing required property "extensionId" in ExtensionClient constructor. The extension is required for selecting the correct login method.');
     }
 
-    this.authressCustomDomain = `https://${authressCustomDomain.replace(/^(https?:\/+)/, '')}`;
+    this.authressCustomDomain = sanitizeUrl(authressCustomDomain);
     this.accessToken = null;
 
     window.onload = async () => {
diff --git a/src/httpClient.js b/src/httpClient.js
index bc355c5..5b6782b 100644
--- a/src/httpClient.js
+++ b/src/httpClient.js
@@ -1,3 +1,5 @@
+const { sanitizeUrl } = require('./util');
+
 const defaultHeaders = {
   'Content-Type': 'application/json'
 };
@@ -43,7 +45,7 @@ class HttpClient {
     const logger = overrideLogger || { debug() {}, warn() {}, critical() {} };
     this.logger = logger;
 
-    const loginHostFullUrl = new URL(`https://${authressLoginCustomDomain.replace(/^(https?:\/+)/, '')}`);
+    const loginHostFullUrl = new URL(sanitizeUrl(authressLoginCustomDomain));
     this.loginUrl = `${loginHostFullUrl.origin}/api`;
   }
 
diff --git a/src/index.js b/src/index.js
index 9f8b7f3..2589d9f 100644
--- a/src/index.js
+++ b/src/index.js
@@ -3,6 +3,7 @@ const take = require('lodash.take');
 
 const HttpClient = require('./httpClient');
 const jwtManager = require('./jwtManager');
+const { sanitizeUrl } = require('./util');
 const userIdentityTokenStorageManager = require('./userIdentityTokenStorageManager');
 
 let userSessionResolver;
@@ -29,7 +30,7 @@ class LoginClient {
       throw Error('Missing required property "authressLoginHostUrl" in LoginClient constructor. Custom Authress Domain Host is required.');
     }
 
-    this.hostUrl = `https://${hostUrl.replace(/^(https?:\/+)/, '')}`;
+    this.hostUrl = sanitizeUrl(hostUrl);
     this.httpClient = new HttpClient(this.hostUrl, this.logger);
     this.lastSessionCheck = 0;
 
diff --git a/src/util.js b/src/util.js
new file mode 100644
index 0000000..d27b58d
--- /dev/null
+++ b/src/util.js
@@ -0,0 +1,7 @@
+module.exports.sanitizeUrl = function sanitizeUrl(url) {
+  if (url.startsWith('http')) {
+    return url;
+  }
+
+  return `https://${url}`;
+};
diff --git a/tests/index.test.js b/tests/index.test.js
index f52b63d..da4105b 100644
--- a/tests/index.test.js
+++ b/tests/index.test.js
@@ -22,7 +22,7 @@ describe('index.js', () => {
         yield {
           name: 'loginHost set correctly from http',
           url: 'http://login.test.com',
-          expectedBaseUrl: 'https://login.test.com/api'
+          expectedBaseUrl: 'http://login.test.com/api'
         };
 
         yield {