diff --git a/bff/src/Bff/Configuration/BffRemoteApiEndpointMetadata.cs b/bff/src/Bff/Configuration/BffRemoteApiEndpointMetadata.cs
index 2549fba45..ad10ba168 100644
--- a/bff/src/Bff/Configuration/BffRemoteApiEndpointMetadata.cs
+++ b/bff/src/Bff/Configuration/BffRemoteApiEndpointMetadata.cs
@@ -42,7 +42,7 @@ public Type AccessTokenRetriever
             }
             else
             {
-                throw new Exception("Attempt to assign a AccessTokenRetriever type that cannot be assigned to IAccessTokenTokenRetriever");
+                throw new InvalidOperationException("Attempt to assign a AccessTokenRetriever type that cannot be assigned to IAccessTokenTokenRetriever");
             }
         }
     }
diff --git a/bff/src/Bff/EndpointServices/BackchannelLogout/DefaultBackchannelLogoutService.cs b/bff/src/Bff/EndpointServices/BackchannelLogout/DefaultBackchannelLogoutService.cs
index f67de2668..073482985 100644
--- a/bff/src/Bff/EndpointServices/BackchannelLogout/DefaultBackchannelLogoutService.cs
+++ b/bff/src/Bff/EndpointServices/BackchannelLogout/DefaultBackchannelLogoutService.cs
@@ -195,13 +195,13 @@ protected virtual async Task GetTokenValidationParame
         var scheme = await AuthenticationSchemeProvider.GetDefaultChallengeSchemeAsync();
         if (scheme == null)
         {
-            throw new Exception("Failed to obtain default challenge scheme");
+            throw new InvalidOperationException("Failed to obtain default challenge scheme");
         }
 
         var options = OptionsMonitor.Get(scheme.Name);
         if (options == null)
         {
-            throw new Exception("Failed to obtain OIDC options for default challenge scheme");
+            throw new InvalidOperationException("Failed to obtain OIDC options for default challenge scheme");
         }
 
         var config = options.Configuration;
@@ -212,7 +212,7 @@ protected virtual async Task GetTokenValidationParame
 
         if (config == null)
         {
-            throw new Exception("Failed to obtain OIDC configuration");
+            throw new InvalidOperationException("Failed to obtain OIDC configuration");
         }
 
         var parameters = new TokenValidationParameters
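Review bot: The throw in the `AccessTokenRetriever` setter rejects the value being assigned, so `ArgumentException` with `nameof(value)` describes the failure better than `InvalidOperationException`, which signals bad object state rather than a bad argument: `throw new ArgumentException("Attempt to assign an AccessTokenRetriever type that cannot be assigned to IAccessTokenTokenRetriever", nameof(value));`. That line also fixes the article ("a AccessTokenRetriever"); the interface name quoted in the message should be checked against the type used in the assignability test, which sits above the hunk. The setter's opening lines are outside the hunk.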
diff --git a/bff/src/Bff/EndpointServices/Login/DefaultLoginService.cs b/bff/src/Bff/EndpointServices/Login/DefaultLoginService.cs
index 815954723..81f1f6380 100644
--- a/bff/src/Bff/EndpointServices/Login/DefaultLoginService.cs
+++ b/bff/src/Bff/EndpointServices/Login/DefaultLoginService.cs
@@ -54,7 +54,13 @@ public virtual async Task ProcessRequestAsync(HttpContext context)
         {
             if (!await ReturnUrlValidator.IsValidAsync(returnUrl))
             {
-                throw new Exception("returnUrl is not valid: " + returnUrl);
+                context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                await context.Response.WriteAsJsonAsync(new HttpValidationProblemDetails()
+                {
+                    Title = "ReturnUrl is not valid",
+                });
+
+                return;
             }
         }
 
diff --git a/bff/src/Bff/EndpointServices/Logout/DefaultLogoutService.cs b/bff/src/Bff/EndpointServices/Logout/DefaultLogoutService.cs
index c812ebdeb..25fa7379b 100644
--- a/bff/src/Bff/EndpointServices/Logout/DefaultLogoutService.cs
+++ b/bff/src/Bff/EndpointServices/Logout/DefaultLogoutService.cs
@@ -71,7 +71,13 @@ public virtual async Task ProcessRequestAsync(HttpContext context)
                 // prevent unauthenticated logout requests (similar to OIDC front channel)
                 if (Options.RequireLogoutSessionId && userSessionId != passedSessionId)
                 {
-                    throw new Exception("Invalid Session Id");
+                    context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                    await context.Response.WriteAsJsonAsync(new HttpValidationProblemDetails()
+                    {
+                        Title = "Invalid Session id",
+                    });
+
+                    return;
                 }
             }
         }
@@ -81,7 +87,13 @@ public virtual async Task ProcessRequestAsync(HttpContext context)
         {
             if (!await ReturnUrlValidator.IsValidAsync(returnUrl))
             {
-                throw new Exception("returnUrl is not valid: " + returnUrl);
+                context.Response.StatusCode = StatusCodes.Status400BadRequest;
+                await context.Response.WriteAsJsonAsync(new HttpValidationProblemDetails()
+                {
+                    Title = "ReturnUrl is not valid",
+                });
+
+                return;
             }
         }
 
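Review bot: `WriteAsJsonAsync(new HttpValidationProblemDetails() { ... })` emits the body as `application/json`, and nothing in the added block sets `Status`, so the problem document neither carries the RFC 7807 media type nor agrees with the 400 written on the line above it; the same seven lines recur in `DefaultLogoutService` at both @@ -71 and @@ -81. A small helper that sets `Status`, passes `application/problem+json` as the content type and forwards `context.RequestAborted` fixes all three sites, as sketched below. The exception that used to be thrown here also made a rejected returnUrl visible in server-side logs, whereas the new path records nothing; if a logger is in scope in these services, a warning-level entry would keep that signal. `ProcessRequestAsync` starts and ends outside the hunk.
```csharp
// … unchanged: returnUrl validation condition …
await WriteBadRequestAsync(context, "ReturnUrl is not valid");
return;

// Writes an RFC 7807 document whose Status field matches the 400 set on the response.
private static Task WriteBadRequestAsync(HttpContext context, string title)
{
    context.Response.StatusCode = StatusCodes.Status400BadRequest;
    var problem = new HttpValidationProblemDetails
    {
        Status = StatusCodes.Status400BadRequest,
        Title = title,
    };
    return context.Response.WriteAsJsonAsync(problem, options: null, contentType: "application/problem+json", cancellationToken: context.RequestAborted);
}
```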
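Review bot: The new title `"Invalid Session id"` is cased differently from `"ReturnUrl is not valid"` in the next hunk and from the removed message `"Invalid Session Id"`; clients may match on the title, so pick one form, e.g. `Title = "Invalid session id",`. `ProcessRequestAsync` starts and ends outside the hunk.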
diff --git a/bff/src/Bff/EndpointServices/SilentLogin/PostConfigureOidcOptionsForSilentLogin.cs b/bff/src/Bff/EndpointServices/SilentLogin/PostConfigureOidcOptionsForSilentLogin.cs
index faed56718..193562303 100644
--- a/bff/src/Bff/EndpointServices/SilentLogin/PostConfigureOidcOptionsForSilentLogin.cs
+++ b/bff/src/Bff/EndpointServices/SilentLogin/PostConfigureOidcOptionsForSilentLogin.cs
@@ -32,7 +32,7 @@ public void PostConfigure(string? name, OpenIdConnectOptions options)
     {
         if (options.EventsType != null && !typeof(BffOpenIdConnectEvents).IsAssignableFrom(options.EventsType))
         {
-            throw new Exception("EventsType on OpenIdConnectOptions must derive from BffOpenIdConnectEvents to work with the BFF framework.");
+            throw new InvalidOperationException("EventsType on OpenIdConnectOptions must derive from BffOpenIdConnectEvents to work with the BFF framework.");
         }
 
         if (options.EventsType == null)
diff --git a/bff/src/Bff/SessionManagement/SessionStore/InMemoryUserSessionStore.cs b/bff/src/Bff/SessionManagement/SessionStore/InMemoryUserSessionStore.cs
index 465bde5ee..23ea93b0f 100644
--- a/bff/src/Bff/SessionManagement/SessionStore/InMemoryUserSessionStore.cs
+++ b/bff/src/Bff/SessionManagement/SessionStore/InMemoryUserSessionStore.cs
@@ -17,7 +17,7 @@ public Task CreateUserSessionAsync(UserSession session, CancellationToken cancel
     {
         if (!_store.TryAdd(session.Key, session.Clone()))
         {
-            throw new Exception("Key already exists");
+            throw new InvalidOperationException("Key already exists");
         }
         return Task.CompletedTask;
     }
diff --git a/bff/test/Bff.Tests/Endpoints/Management/LoginEndpointTests.cs b/bff/test/Bff.Tests/Endpoints/Management/LoginEndpointTests.cs
index bbf861f6c..df1150b99 100644
--- a/bff/test/Bff.Tests/Endpoints/Management/LoginEndpointTests.cs
+++ b/bff/test/Bff.Tests/Endpoints/Management/LoginEndpointTests.cs
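Review bot: `CreateUserSessionAsync` is a non-async `Task`-returning method, so the `throw` on the duplicate-key path raises synchronously at the call site instead of faulting the returned task; a caller that stores the task and awaits it later observes the exception at a different point than it would from a faulted task. Either mark the method `async` or use `return Task.FromException(new InvalidOperationException("Key already exists"));`. The message leaving out `session.Key` is the right choice — a session key should not end up in exception text or logs. Only the method signature is visible, in the hunk header.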
@@ -154,9 +154,8 @@ public async Task login_endpoint_should_accept_returnUrl()
         [Fact]
         public async Task login_endpoint_should_not_accept_non_local_returnUrl()
         {
-            Func f = () => BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=https://foo");
-            var exception = (await f.ShouldThrowAsync());
-            exception.Message.ShouldContain("returnUrl");
+            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/login") + "?returnUrl=https://foo");
+            response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
         }
     }
 }
diff --git a/bff/test/Bff.Tests/Endpoints/Management/LogoutEndpointTests.cs b/bff/test/Bff.Tests/Endpoints/Management/LogoutEndpointTests.cs
index 46e40c40d..7f29847c8 100644
--- a/bff/test/Bff.Tests/Endpoints/Management/LogoutEndpointTests.cs
+++ b/bff/test/Bff.Tests/Endpoints/Management/LogoutEndpointTests.cs
@@ -44,8 +44,8 @@ public async Task logout_endpoint_for_authenticated_should_require_sid()
         {
             await BffHost.BffLoginAsync("alice", "sid123");
 
-            Func f = () => BffHost.BffLogoutAsync();
-            await f.ShouldThrowAsync();
+            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout"));
+            response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
 
             (await BffHost.GetIsUserLoggedInAsync()).ShouldBeTrue();
         }
@@ -148,10 +148,8 @@ public async Task logout_endpoint_should_reject_non_local_returnUrl()
         {
             await BffHost.BffLoginAsync("alice", "sid123");
 
-            Func f = () => BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=https://foo");
-            var exception = await f.ShouldThrowAsync();
-
-            exception.Message.ShouldContain("returnUrl");
+            var response = await BffHost.BrowserClient.GetAsync(BffHost.Url("/bff/logout") + "?sid=sid123&returnUrl=https://foo");
+            response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
         }
     }
 }
diff --git a/bff/test/Bff.Tests/TestHosts/BffHost.cs b/bff/test/Bff.Tests/TestHosts/BffHost.cs
index 5caedcc72..24e85c8b3 100644
--- a/bff/test/Bff.Tests/TestHosts/BffHost.cs
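Review bot: The rewritten assertions check only `HttpStatusCode.BadRequest`, and `DefaultLogoutService` now answers 400 for both a rejected sid and an invalid returnUrl, so `logout_endpoint_should_reject_non_local_returnUrl` (@@ -148) would also pass if the sid check rather than the returnUrl validator had rejected the request; the login test in this hunk drops its `returnUrl` message check for the same reason. Read the problem document and assert on its title as well, e.g. `var problem = await response.Content.ReadFromJsonAsync<HttpValidationProblemDetails>(); problem!.Title.ShouldBe("ReturnUrl is not valid");`. `ReadFromJsonAsync` lives in System.Net.Http.Json, which the test project may need to reference if it does not already.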
+++ b/bff/test/Bff.Tests/TestHosts/BffHost.cs
@@ -182,7 +182,7 @@ private void Configure(IApplicationBuilder app)
                     }
                     else
                     {
-                        throw new Exception("Invalid LocalApiResponseStatus");
+                        throw new InvalidOperationException("Invalid LocalApiResponseStatus");
                     }
                 })
                 .AsBffApiEndpoint();