Merge pull request #2660 from openziti/fix.2659.oidc.panic.media.type

fixes #2659 OIDC login panics on invalid media types

controller/oidc_auth/login.go

@@ -283,7 +283,7 @@ func (l *login) authenticate(w http.ResponseWriter, r *http.Request) {
 	apiErr := parsePayload(r, credentials)
 
 	if apiErr != nil {
-		renderJsonError(w, err)
+		renderJsonError(w, apiErr)
 		return
 	}
 

controller/oidc_auth/negotiate.go

@@ -43,7 +43,7 @@ func negotiateBodyContentType(r *http.Request) (string, *errorz.ApiError) {
 
 		Code:        "UNSUPPORTED_MEDIA_TYPE",
 		Message:     fmt.Sprintf("the content type: %s, is not supported (supported: %s, %s)", contentType, FormContentType, JsonContentType),
-		Status:      0,
+		Status:      http.StatusUnsupportedMediaType,
 		Cause:       nil,
 		AppendCause: false,
 	}

tests/auth_oidc_test.go

@@ -146,11 +146,24 @@ func Test_Authenticate_OIDC_Auth(t *testing.T) {
 	rpServer.Start()
 	defer rpServer.Stop()
 
-	//clientApiUrl, err := url.Parse("https://" + ctx.ApiHost + EdgeClientApiPath)
-	//ctx.Req.NoError(err)
-	//
-	//managementApiUrl, err := url.Parse("https://" + ctx.ApiHost + EdgeManagementApiPath)
-	//ctx.Req.NoError(err)
+	t.Run("attempt to auth with multipart form data, expect unsupported media type", func(t *testing.T) {
+		ctx.testContextChanged(t)
+
+		client := resty.NewWithClient(ctx.NewHttpClient(ctx.NewTransport()))
+		client.SetRedirectPolicy(resty.DomainCheckRedirectPolicy("127.0.0.1", "localhost"))
+
+		loginPath := "https://" + ctx.ApiHost + "/oidc/login/password?authRequestID=12345"
+
+		ctx.Req.NoError(err)
+		ctx.Req.NotEmpty(loginPath)
+
+		resp, err := client.R().SetMultipartFormData(map[string]string{
+			"username": "admin",
+			"password": "admin",
+		}).Post(loginPath)
+		ctx.Req.NoError(err)
+		ctx.Req.Equal(http.StatusUnsupportedMediaType, resp.StatusCode())
+	})
 
 	t.Run("updb", func(t *testing.T) {
 		ctx.testContextChanged(t)