feat: change the returned domain (#257)

gkrajniak · gkrajniaksap · web-flow · commit bc0a041fa076 · 2025-06-13T02:03:01.000-08:00
- **Enhance redirect_uri error handling in auth token service** 
- **Refactor tests in env service for better structure and coverage**
- **Introduce logic to handle subdomain-based base domains in env
service**

This commit enhances error verbosity and ensures that subdomain
configurations and related logic are properly tested and handled in the
service modules.

Co-authored-by: Grzegorz Krajniak &lt;grzegorz.krajniak@sap.com&gt;
diff --git a/src/auth/auth-token.service.ts b/src/auth/auth-token.service.ts
@@ -77,7 +77,10 @@ export class AuthTokenService {
       `${currentAuthEnv.clientId}:${currentAuthEnv.clientSecret}`,
     ).toString('base64')}`;
 
-    const redirectUri = body.get('redirect_uri');
+    const redirectUriMsg =
+      body.get('grant_type') === 'authorization_code'
+        ? `Redirect URI: ${body.get('redirect_uri')}`
+        : '';
     const tokenFetchResult = await firstValueFrom(
       this.httpService
         .post<AuthTokenData>(currentAuthEnv.oauthTokenUrl, body, {
@@ -92,7 +95,7 @@ export class AuthTokenService {
             throw new Error(
               `Error response from auth token server: ${e.toString()}.
               ${e.response.data['error']}: ${e.response.data['error_description']}.
-              params.redirect_uri: ${redirectUri}`,
+              ${redirectUriMsg}`,
             );
           }),
         ),
diff --git a/src/env/env.service.spec.ts b/src/env/env.service.spec.ts
@@ -160,156 +160,171 @@ describe('EnvService', () => {
       discoveryServiceMock = mock<DiscoveryService>();
     });
 
-    it('should get oauthServerUrl and oauthTokenUrl form DISCOVERY_ENDPOINT when discoveryService returns proper values', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app.hyper.space';
-
-      const discoveryServiceMockGetOIDC = jest.spyOn(
-        discoveryServiceMock,
-        'getOIDC',
-      );
-      discoveryServiceMockGetOIDC.mockResolvedValue({
-        authorization_endpoint: 'example.com/authorization_endpoint',
-        token_endpoint: 'example.com/token_endpoint',
+    describe('getEnvWithAuth', () => {
+      it('should get oauthServerUrl and oauthTokenUrl form DISCOVERY_ENDPOINT when discoveryService returns proper values', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app.hyper.space';
+
+        const discoveryServiceMockGetOIDC = jest.spyOn(
+          discoveryServiceMock,
+          'getOIDC',
+        );
+        discoveryServiceMockGetOIDC.mockResolvedValue({
+          authorization_endpoint: 'example.com/authorization_endpoint',
+          token_endpoint: 'example.com/token_endpoint',
+        });
+
+        process.env['DISCOVERY_ENDPOINT_APP'] = 'example.com';
+        const envWithAuth = await service.getCurrentAuthEnv(request);
+
+        expect(envWithAuth.oauthServerUrl).toEqual(
+          'example.com/authorization_endpoint',
+        );
+        expect(envWithAuth.oauthTokenUrl).toEqual('example.com/token_endpoint');
       });
 
-      process.env['DISCOVERY_ENDPOINT_APP'] = 'example.com';
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should get oauthServerUrl and oauthTokenUrl from env when discoveryService returns null ', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app.hyper.space';
 
-      expect(envWithAuth.oauthServerUrl).toEqual(
-        'example.com/authorization_endpoint',
-      );
-      expect(envWithAuth.oauthTokenUrl).toEqual('example.com/token_endpoint');
-    });
+        const discoveryServiceMockGetOIDC = jest.spyOn(
+          discoveryServiceMock,
+          'getOIDC',
+        );
+        discoveryServiceMockGetOIDC.mockResolvedValue(null);
 
-    it('should get oauthServerUrl and oauthTokenUrl from env when discoveryService returns null ', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app.hyper.space';
+        process.env['DISCOVERY_ENDPOINT_APP'] = 'example.com';
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-      const discoveryServiceMockGetOIDC = jest.spyOn(
-        discoveryServiceMock,
-        'getOIDC',
-      );
-      discoveryServiceMockGetOIDC.mockResolvedValue(null);
+        expect(envWithAuth.oauthServerUrl).toEqual('www.app.com');
+        expect(envWithAuth.oauthTokenUrl).toEqual('www.app.token.com');
+      });
 
-      process.env['DISCOVERY_ENDPOINT_APP'] = 'example.com';
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should map the idp to the url for foo', async () => {
+        const request = mock<Request>();
+        request.hostname = 'foo.hyper.space';
 
-      expect(envWithAuth.oauthServerUrl).toEqual('www.app.com');
-      expect(envWithAuth.oauthTokenUrl).toEqual('www.app.token.com');
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should map the idp to the url for foo', async () => {
-      const request = mock<Request>();
-      request.hostname = 'foo.hyper.space';
+        expect(envWithAuth.clientId).toBe(clientIdFoo);
+        expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlFoo);
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should map the idp to the token url for foo', async () => {
+        const request = mock<Request>();
+        request.hostname = 'foo.hyper.space';
 
-      expect(envWithAuth.clientId).toBe(clientIdFoo);
-      expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlFoo);
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should map the idp to the token url for foo', async () => {
-      const request = mock<Request>();
-      request.hostname = 'foo.hyper.space';
+        expect(envWithAuth.clientId).toBe(clientIdFoo);
+        expect(envWithAuth.oauthTokenUrl).toBe(oauthTokenUrlFoo);
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should map the idp to the token url for app', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app.k8s.ondemand.com';
 
-      expect(envWithAuth.clientId).toBe(clientIdFoo);
-      expect(envWithAuth.oauthTokenUrl).toBe(oauthTokenUrlFoo);
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should map the idp to the token url for app', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app.k8s.ondemand.com';
+        expect(envWithAuth.clientId).toBe(clientIdApp);
+        expect(envWithAuth.oauthTokenUrl).toBe(oauthTokenUrlAPP);
+        expect(envWithAuth.idpName).toBe('app');
+        expect(envWithAuth.organization).toBe('app');
+        expect(envWithAuth.baseDomain).toBe('app.k8s.ondemand.com');
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should map the idp of foo to its domain, the foo is configured', async () => {
+        const request = mock<Request>();
+        request.hostname = 'foo.app.k8s.ondemand.com';
 
-      expect(envWithAuth.clientId).toBe(clientIdApp);
-      expect(envWithAuth.oauthTokenUrl).toBe(oauthTokenUrlAPP);
-      expect(envWithAuth.idpName).toBe('app');
-      expect(envWithAuth.organization).toBe('app');
-      expect(envWithAuth.baseDomain).toBe('app.k8s.ondemand.com');
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should map the idp of foo to a different base url', async () => {
-      const request = mock<Request>();
-      request.hostname = 'foo.app.k8s.ondemand.com';
+        expect(envWithAuth.clientId).toBe(clientIdFoo);
+        expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlFoo);
+        expect(envWithAuth.clientSecret).toBe(clientSecretFoo);
+        expect(envWithAuth.baseDomain).toBe('foo.app.k8s.ondemand.com');
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should map the idp of test to an existing its base domain', async () => {
+        const request = mock<Request>();
+        request.hostname = 'test.app.k8s.ondemand.com';
 
-      expect(envWithAuth.clientId).toBe(clientIdFoo);
-      expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlFoo);
-      expect(envWithAuth.clientSecret).toBe(clientSecretFoo);
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should return the default tenant, if a host name is directly matched', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app.k8s.ondemand.com';
+        expect(envWithAuth.clientId).toBe(clientIdApp);
+        expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlAPP);
+        expect(envWithAuth.clientSecret).toBe(clientSecretApp);
+        expect(envWithAuth.baseDomain).toBe('app.k8s.ondemand.com');
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should return the default tenant, if a host name is directly matched', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app.k8s.ondemand.com';
 
-      expect(envWithAuth.clientId).toBe(clientIdApp);
-      expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlAPP);
-      expect(envWithAuth.clientSecret).toBe(clientSecretApp);
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should return the default tenant, for a different host with multiple names is directly matched', async () => {
-      const request = mock<Request>();
-      request.hostname = 'hyper.space';
+        expect(envWithAuth.clientId).toBe(clientIdApp);
+        expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlAPP);
+        expect(envWithAuth.clientSecret).toBe(clientSecretApp);
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should return the default tenant, for a different host with multiple names is directly matched', async () => {
+        const request = mock<Request>();
+        request.hostname = 'hyper.space';
 
-      expect(envWithAuth.clientId).toBe(clientIdHyperspace);
-      expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlHyperspace);
-      expect(envWithAuth.clientSecret).toBe(clientSecretHyperspace);
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should throw when the idp is not existing, neither base domain is present', async () => {
-      const request = mock<Request>();
-      request.hostname = 'not-existing.app.k8s.ondemand2.com';
+        expect(envWithAuth.clientId).toBe(clientIdHyperspace);
+        expect(envWithAuth.oauthServerUrl).toBe(oauthServerUrlHyperspace);
+        expect(envWithAuth.clientSecret).toBe(clientSecretHyperspace);
+      });
 
-      await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
-        "not-existing.app.k8s.ondemand2.com is not listed in the portal's base urls: 'app.k8s.ondemand.com,hyper.space,localhost'",
-      );
-    });
+      it('should throw when the idp is not existing, neither base domain is present', async () => {
+        const request = mock<Request>();
+        request.hostname = 'not-existing.app.k8s.ondemand2.com';
 
-    it('should return the base domain in case the idp is not existing in the env variables, and the organization indicated by the sub domain', async () => {
-      const request = mock<Request>();
-      request.hostname = 'not-existing.app.k8s.ondemand.com';
+        await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
+          "not-existing.app.k8s.ondemand2.com is not listed in the portal's base urls: 'app.k8s.ondemand.com,hyper.space,localhost'",
+        );
+      });
 
-      const envWithAuth = await service.getCurrentAuthEnv(request);
+      it('should return the base domain in case the idp is not existing in the env variables, and the organization indicated by the sub domain', async () => {
+        const request = mock<Request>();
+        request.hostname = 'not-existing.app.k8s.ondemand.com';
 
-      expect(envWithAuth.baseDomain).toBe('app.k8s.ondemand.com');
-      // the idp value here is used to retrieve the auth configuration from env variables, for the idp not-existing there are no env variables
-      expect(envWithAuth.idpName).toBe('app');
-      expect(envWithAuth.organization).toBe('not-existing');
-    });
+        const envWithAuth = await service.getCurrentAuthEnv(request);
 
-    it('should throw when the token url is not configured is not existing', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app.k8s.ondemand.com';
-      delete process.env[`TOKEN_URL_APP`];
+        expect(envWithAuth.baseDomain).toBe('app.k8s.ondemand.com');
+        // the idp value here is used to retrieve the auth configuration from env variables, for the idp not-existing there are no env variables
+        expect(envWithAuth.idpName).toBe('app');
+        expect(envWithAuth.organization).toBe('not-existing');
+      });
 
-      await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(Error);
-    });
+      it('should throw when the token url is not configured is not existing', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app.k8s.ondemand.com';
+        delete process.env[`TOKEN_URL_APP`];
 
-    it('should throw when the domain is not existing', async () => {
-      const request = mock<Request>();
-      request.hostname = 'app-too.foo.com';
+        await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(Error);
+      });
 
-      await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
-        "app-too.foo.com is not listed in the portal's base urls: 'app.k8s.ondemand.com,hyper.space,localhost'",
-      );
-    });
+      it('should throw when the domain is not existing', async () => {
+        const request = mock<Request>();
+        request.hostname = 'app-too.foo.com';
 
-    it('should throw when the idp is not properly configured', async () => {
-      const request = mock<Request>();
-      request.hostname = 'not-configured.app.k8s.ondemand.com';
+        await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
+          "app-too.foo.com is not listed in the portal's base urls: 'app.k8s.ondemand.com,hyper.space,localhost'",
+        );
+      });
 
-      await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
-        "the idp not-configured is not properly configured. oauthServerUrl: 'undefined' oauthTokenUrl: 'undefined' clientId: 'undefined', has client secret (OIDC_CLIENT_SECRET_NOT_CONFIGURED): false",
-      );
+      it('should throw when the idp is not properly configured', async () => {
+        const request = mock<Request>();
+        request.hostname = 'not-configured.app.k8s.ondemand.com';
+
+        await expect(service.getCurrentAuthEnv(request)).rejects.toThrow(
+          "the idp not-configured is not properly configured. oauthServerUrl: 'undefined' oauthTokenUrl: 'undefined' clientId: 'undefined', has client secret (OIDC_CLIENT_SECRET_NOT_CONFIGURED): false",
+        );
+      });
     });
   });
 
diff --git a/src/env/env.service.ts b/src/env/env.service.ts
@@ -172,6 +172,11 @@ export class EnvService {
       );
     }
 
+    // if we have configured the subdomain idp name in the environment, we use it as a baseDomain
+    if (idpName === subDomainIdpName) {
+      baseDomain = `${subDomainIdpName}.${baseDomain}`;
+    }
+
     return {
       idpName,
       baseDomain,
