geoffrich / svelte-adapter-azure-swa

SvelteKit adapter for Azure Static Web Apps.
MIT License

Incorrect encoding when decoding the ClientPrincipal #157

Open mumbler9486 opened 1 year ago

mumbler9486 commented 1 year ago

Hi, been getting an issue with the adapter when decoding the x-ms-client-principal.

I have a B2C tenant where we have a custom attribute called PlayerName (string). I have a SvelteKit app running on Azure's Static Web Apps consuming the x-ms-client-principal. This field accepts pretty much any character, but for our purposes we'd like to allow kanji characters like 漢字.

When SvelteKit parses the header, I get this exception:

Exception while executing function: Functions.sk_render
Result: Failure
Exception: Unexpected token  in JSON at position 93
Stack: SyntaxError: Unexpected token  in JSON at position 93
    at JSON.parse (<anonymous>)
    at getClientPrincipalFromHeaders (/home/site/wwwroot/sk_render/index.js:117420:32)
    at Object.index23 (/home/site/wwwroot/sk_render/index.js:117435:27)
    at t.InvocationModel.<anonymous> (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:59683)
    at Generator.next (<anonymous>)
    at /azure-functions-host/workers/node/dist/src/worker-bundle.js:2:58008
    at new Promise (<anonymous>)
    at h (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:57753)
    at t.InvocationModel.invokeFunction (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:59490)
    at m.<anonymous> (/azure-functions-host/workers/node/dist/src/worker-bundle.js:2:37872)

I believe the error happens here: https://github.com/geoffrich/svelte-adapter-azure-swa/blob/main/files/headers.js#L59

The Microsoft documentation says the same thing: https://learn.microsoft.com/en-us/azure/static-web-apps/user-information?tabs=javascript#api-functions

However, I think this is incorrect because the client principal is basically an encoded JWT, which I think is encoded as UTF-8. I think the Microsoft documentation is incorrect.

I wanted to get a confirmation from them before sending in an issue but nothing from them so far. https://learn.microsoft.com/en-us/answers/questions/1375113/azure-b2c-client-principal-encoding-documentation?page=1&orderby=helpful&comment=answer-1323081

Reproduction steps:

  1. Set up B2C login for the website
  2. Add a custom string attribute field
  3. Create a new account and add kanji characters
  4. Log in with said account
  5. 500 error while logged in on the site

I still have this setup so I can maybe do some testing.

geoffrich commented 12 months ago

Thanks for the report - do you think you could open a PR with a failing test that reproduces the issue? It would go here: https://github.com/geoffrich/svelte-adapter-azure-swa/blob/1dc3918a8ea0ec2ddfc08e8dedc4d404862d3e2e/test/headers.test.js#L102-L121

If you want to contribute a fix too that would be welcome, but just giving a test case would really help.

I'll also open a PR (hopefully today) to try/catch the reading of the client principal header, so we at least don't crash due to an encoding issue.

geoffrich commented 12 months ago

v0.19.1 of the adapter should no longer throw an exception if it can't parse the client principal.
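
The failure reported in this issue and the try/catch mitigation, reproduced as an added example that is not part of the thread or the adapter's own code. It assumes the header is base64 over UTF-8 JSON (the reporter's hypothesis) and that the failing path decodes it as ASCII, as the linked Microsoft documentation sample does; the principal, the claim name and all function names are constructed for illustration.

```javascript
// Constructed sample principal; field values are illustrative, not real data.
const samplePrincipal = {
  identityProvider: 'aadb2c',
  userId: '00000000000000000000000000000000',
  userDetails: 'player@example.com',
  userRoles: ['anonymous', 'authenticated'],
  claims: [{ typ: 'extension_PlayerName', val: '漢字' }] // hypothetical claim name
};

// Assumption: the platform sends base64(UTF-8(JSON)) in x-ms-client-principal.
function encodePrincipal(principal) {
  return Buffer.from(JSON.stringify(principal), 'utf8').toString('base64');
}

// Node's 'ascii' decoding clears the high bit of every byte, so each byte of a
// multibyte UTF-8 sequence becomes an unrelated 7-bit character.
function asciiView(text) {
  return Buffer.from(text, 'utf8').toString('ascii');
}

// Decoding as in the failing path: quotes and control characters produced by
// the bit-stripping corrupt the JSON, so JSON.parse throws.
function decodeAscii(header) {
  return JSON.parse(Buffer.from(header, 'base64').toString('ascii'));
}

// Decoding as UTF-8 round-trips non-ASCII claim values.
function decodeUtf8(header) {
  return JSON.parse(Buffer.from(header, 'base64').toString('utf8'));
}

// Defensive wrapper: a missing or unparseable header yields null (treat the
// request as unauthenticated) instead of an unhandled exception and a 500.
function safeDecode(header, decode) {
  if (typeof header !== 'string' || header.length === 0) return null;
  try {
    const principal = decode(header);
    return principal !== null && typeof principal === 'object' ? principal : null;
  } catch (err) {
    if (err instanceof SyntaxError) return null;
    throw err; // anything else is a real bug and should surface
  }
}
```

For 漢字, the ASCII view contains a double quote and the control character 0x17, either of which is enough to break the surrounding JSON string.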