fix: error in replaceAuthErrorsWithEnvironmentVariables

The method should only change error messages if it was called with the correct parameters. Otherwise the function would change e.g `.url` in the error message to `_URL` and the regex is not able to change the front of the error message.

Signed-off-by: Philip Molares <philip.molares@udo.edu>

src/config/auth.config.ts

@@ -387,33 +387,38 @@ export default registerAs('authConfig', () => {
   if (authConfig.error) {
     const errorMessages = authConfig.error.details
       .map((detail) => detail.message)
-      .map((error) => {
+      .map((error) =>
-        error = replaceAuthErrorsWithEnvironmentVariables(
+        replaceAuthErrorsWithEnvironmentVariables(
           error,
           'gitlab',
           'HD_AUTH_GITLAB_',
           gitlabNames,
-        );
+        ),
-        error = replaceAuthErrorsWithEnvironmentVariables(
+      )
+      .map((error) =>
+        replaceAuthErrorsWithEnvironmentVariables(
           error,
           'ldap',
           'HD_AUTH_LDAP_',
           ldapNames,
-        );
+        ),
-        error = replaceAuthErrorsWithEnvironmentVariables(
+      )
+      .map((error) =>
+        replaceAuthErrorsWithEnvironmentVariables(
           error,
           'saml',
           'HD_AUTH_SAML_',
           samlNames,
-        );
+        ),
-        error = replaceAuthErrorsWithEnvironmentVariables(
+      )
+      .map((error) =>
+        replaceAuthErrorsWithEnvironmentVariables(
           error,
           'oauth2',
           'HD_AUTH_OAUTH2_',
           oauth2Names,
+        ),
       );
-        return error;
-      });
     throw new Error(buildErrorMessage(errorMessages));
   }
   return authConfig.value as AuthConfig;

src/config/utils.spec.ts

@@ -41,6 +41,26 @@ describe('config utils', () => {
         ),
       ).toEqual('"HD_AUTH_GITLAB_test_SCOPE');
     });
+    it('"ldap[0].url', () => {
+      expect(
+        replaceAuthErrorsWithEnvironmentVariables(
+          '"ldap[0].url',
+          'ldap',
+          'HD_AUTH_LDAP_',
+          ['test'],
+        ),
+      ).toEqual('"HD_AUTH_LDAP_test_URL');
+    });
+    it('"ldap[0].url is not changed by gitlab call', () => {
+      expect(
+        replaceAuthErrorsWithEnvironmentVariables(
+          '"ldap[0].url',
+          'gitlab',
+          'HD_AUTH_GITLAB_',
+          ['test'],
+        ),
+      ).toEqual('"ldap[0].url');
+    });
   });
   describe('needToLog', () => {
     it('currentLevel ERROR', () => {

src/config/utils.ts

@@ -34,59 +34,67 @@ export function replaceAuthErrorsWithEnvironmentVariables(
 ): string {
   // this builds a regex like /"gitlab\[(\d+)]\./ to extract the position in the arrayOfNames
   const regex = new RegExp('"' + name + '\\[(\\d+)]\\.', 'g');
-  message = message.replace(
+  let newMessage = message.replace(
     regex,
     (_, index: number) => `"${replacement}${arrayOfNames[index]}.`,
   );
-  message = message.replace('.providerName', '_PROVIDER_NAME');
+  if (newMessage != message) {
-  message = message.replace('.baseURL', '_BASE_URL');
+    newMessage = newMessage.replace('.providerName', '_PROVIDER_NAME');
-  message = message.replace('.clientID', '_CLIENT_ID');
+    newMessage = newMessage.replace('.baseURL', '_BASE_URL');
-  message = message.replace('.clientSecret', '_CLIENT_SECRET');
+    newMessage = newMessage.replace('.clientID', '_CLIENT_ID');
-  message = message.replace('.scope', '_SCOPE');
+    newMessage = newMessage.replace('.clientSecret', '_CLIENT_SECRET');
-  message = message.replace('.version', '_GITLAB_VERSION');
+    newMessage = newMessage.replace('.scope', '_SCOPE');
-  message = message.replace('.url', '_URL');
+    newMessage = newMessage.replace('.version', '_GITLAB_VERSION');
-  message = message.replace('.bindDn', '_BIND_DN');
+    newMessage = newMessage.replace('.url', '_URL');
-  message = message.replace('.bindCredentials', '_BIND_CREDENTIALS');
+    newMessage = newMessage.replace('.bindDn', '_BIND_DN');
-  message = message.replace('.searchBase', '_SEARCH_BASE');
+    newMessage = newMessage.replace('.bindCredentials', '_BIND_CREDENTIALS');
-  message = message.replace('.searchFilter', '_SEARCH_FILTER');
+    newMessage = newMessage.replace('.searchBase', '_SEARCH_BASE');
-  message = message.replace('.searchAttributes', '_SEARCH_ATTRIBUTES');
+    newMessage = newMessage.replace('.searchFilter', '_SEARCH_FILTER');
-  message = message.replace('.usernameField', '_USERNAME_FIELD');
+    newMessage = newMessage.replace('.searchAttributes', '_SEARCH_ATTRIBUTES');
-  message = message.replace('.useridField', '_USERID_FIELD');
+    newMessage = newMessage.replace('.usernameField', '_USERNAME_FIELD');
-  message = message.replace('.tlsCa', '_TLS_CA');
+    newMessage = newMessage.replace('.useridField', '_USERID_FIELD');
-  message = message.replace('.idpSsoUrl', '_IDP_SSO_URL');
+    newMessage = newMessage.replace('.tlsCa', '_TLS_CA');
-  message = message.replace('.idpCert', '_IDP_CERT');
+    newMessage = newMessage.replace('.idpSsoUrl', '_IDP_SSO_URL');
-  message = message.replace('.clientCert', '_CLIENT_CERT');
+    newMessage = newMessage.replace('.idpCert', '_IDP_CERT');
-  message = message.replace('.issuer', '_ISSUER');
+    newMessage = newMessage.replace('.clientCert', '_CLIENT_CERT');
-  message = message.replace('.identifierFormat', '_IDENTIFIER_FORMAT');
+    newMessage = newMessage.replace('.issuer', '_ISSUER');
-  message = message.replace(
+    newMessage = newMessage.replace('.identifierFormat', '_IDENTIFIER_FORMAT');
+    newMessage = newMessage.replace(
       '.disableRequestedAuthnContext',
       '_DISABLE_REQUESTED_AUTHN_CONTEXT',
     );
-  message = message.replace('.groupAttribute', '_GROUP_ATTRIBUTE');
+    newMessage = newMessage.replace('.groupAttribute', '_GROUP_ATTRIBUTE');
-  message = message.replace('.requiredGroups', '_REQUIRED_GROUPS');
+    newMessage = newMessage.replace('.requiredGroups', '_REQUIRED_GROUPS');
-  message = message.replace('.externalGroups', '_EXTERNAL_GROUPS');
+    newMessage = newMessage.replace('.externalGroups', '_EXTERNAL_GROUPS');
-  message = message.replace('.attribute.id', '_ATTRIBUTE_ID');
+    newMessage = newMessage.replace('.attribute.id', '_ATTRIBUTE_ID');
-  message = message.replace('.attribute.username', '_ATTRIBUTE_USERNAME');
+    newMessage = newMessage.replace(
-  message = message.replace('.attribute.email', '_ATTRIBUTE_USERNAME');
+      '.attribute.username',
-  message = message.replace('.userProfileURL', '_USER_PROFILE_URL');
+      '_ATTRIBUTE_USERNAME',
-  message = message.replace('.userProfileIdAttr', '_USER_PROFILE_ID_ATTR');
+    );
-  message = message.replace(
+    newMessage = newMessage.replace('.attribute.email', '_ATTRIBUTE_USERNAME');
+    newMessage = newMessage.replace('.userProfileURL', '_USER_PROFILE_URL');
+    newMessage = newMessage.replace(
+      '.userProfileIdAttr',
+      '_USER_PROFILE_ID_ATTR',
+    );
+    newMessage = newMessage.replace(
       '.userProfileUsernameAttr',
       '_USER_PROFILE_USERNAME_ATTR',
     );
-  message = message.replace(
+    newMessage = newMessage.replace(
       '.userProfileDisplayNameAttr',
       '_USER_PROFILE_DISPLAY_NAME_ATTR',
     );
-  message = message.replace(
+    newMessage = newMessage.replace(
       '.userProfileEmailAttr',
       '_USER_PROFILE_EMAIL_ATTR',
     );
-  message = message.replace('.tokenURL', '_TOKEN_URL');
+    newMessage = newMessage.replace('.tokenURL', '_TOKEN_URL');
-  message = message.replace('.authorizationURL', '_AUTHORIZATION_URL');
+    newMessage = newMessage.replace('.authorizationURL', '_AUTHORIZATION_URL');
-  message = message.replace('.rolesClaim', '_ROLES_CLAIM');
+    newMessage = newMessage.replace('.rolesClaim', '_ROLES_CLAIM');
-  message = message.replace('.accessRole', '_ACCESS_ROLE');
+    newMessage = newMessage.replace('.accessRole', '_ACCESS_ROLE');
-  return message;
+  }
+  return newMessage;
 }
 
 export function needToLog(