From 0c815da523fcf8435bb46105c43e21ab1123bfef Mon Sep 17 00:00:00 2001
From: Chris R
Date: Fri, 4 Nov 2016 10:50:40 -0700
Subject: [PATCH] #903 Ensure redirect uris can be generated
---
 .../OpenIdConnectHandler.cs | 12 ++++++++++++
 .../OpenIdConnect/OpenIdConnectChallengeTests.cs | 12 ++++++++++++
 .../OpenIdConnect/OpenIdConnectMiddlewareTests.cs | 11 +++++++++++
 3 files changed, 35 insertions(+)
diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
index 9cc4fc2cd4..6c3c2e9387 100644
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
+++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs
@@ -208,6 +208,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 message.State = Options.StateDataFormat.Protect(properties);
+ if (string.IsNullOrEmpty(message.IssuerAddress))
+ {
+ throw new InvalidOperationException(
+ "Cannot redirect to the end session endpoint, the configuration may be missing or invalid.");
+ }
+
 if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
 {
 var redirectUri = message.CreateLogoutRequestUrl();
@@ -356,6 +362,12 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect
 message.State = Options.StateDataFormat.Protect(properties);
+ if (string.IsNullOrEmpty(message.IssuerAddress))
+ {
+ throw new InvalidOperationException(
+ "Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.");
+ }
+
 if (Options.AuthenticationMethod == OpenIdConnectRedirectBehavior.RedirectGet)
 {
 var redirectUri = message.CreateAuthenticationRequestUrl();
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
index fc9338e2bf..b9c0179aff 100644
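Review bot: The guard added in the `@@ -208` hunk rejects only a null or empty `message.IssuerAddress`; a whitespace-only or relative value still passes and reaches `CreateLogoutRequestUrl()` in the RedirectGet branch below it. If the intent is that the redirect always targets the identity provider, check the shape of the value as well, e.g. `if (!Uri.IsWellFormedUriString(message.IssuerAddress, UriKind.Absolute))` with the same throw. The `@@ -356` hunk has the identical guard ahead of `CreateAuthenticationRequestUrl()` and would take the same change. Both enclosing methods start and end outside the hunks, so where IssuerAddress is assigned, and whether anything later validates it, is not visible here.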
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectChallengeTests.cs
@@ -222,6 +222,7 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 {
 var newMessage = new MockOpenIdConnectMessage
 {
+ IssuerAddress = "http://example.com/",
 TestAuthorizeEndpoint = $"http://example.com/{Guid.NewGuid()}/oauth2/signin"
 };
@@ -322,5 +323,16 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 Assert.StartsWith(".AspNetCore.Correlation.OpenIdConnect.", secondCookie);
 Assert.Contains("expires", secondCookie);
 }
+
+ [Fact]
+ public async Task Challenge_WithEmptyConfig_Fails()
+ {
+ var settings = new TestSettings(
+ opt => opt.Configuration = new OpenIdConnectConfiguration());
+
+ var server = settings.CreateTestServer();
+ var exception = await Assert.ThrowsAsync(() => server.SendAsync(ChallengeEndpoint));
+ Assert.Equal("Cannot redirect to the authorization endpoint, the configuration may be missing or invalid.", exception.Message);
+ }
 }
 }
\ No newline at end of file
diff --git a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
index 2862e10537..6c427c600e 100644
--- a/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
+++ b/test/Microsoft.AspNetCore.Authentication.Test/OpenIdConnect/OpenIdConnectMiddlewareTests.cs
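Review bot: `Challenge_WithEmptyConfig_Fails` in the `@@ -322` hunk covers only a configuration whose endpoints are unset; nothing exercises a non-empty but unusable value such as whitespace or a relative path, which the `string.IsNullOrEmpty` guard in the handler would let through. A second case built with `opt.Configuration = new OpenIdConnectConfiguration { AuthorizationEndpoint = " " }` would pin what the handler is expected to do then. The same gap applies to `SignOut_WithMissingConfig_Throws` in OpenIdConnectMiddlewareTests.cs, where the matching property would be `EndSessionEndpoint`. Both tests also repeat the exception text as a literal, so a later rewording in the handler will fail them without any change in behaviour.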
@@ -135,6 +135,17 @@ namespace Microsoft.AspNetCore.Authentication.Tests.OpenIdConnect
 Assert.Equal("http://www.example.com/specific_redirect_uri", properties.RedirectUri, true);
 }
+ [Fact]
+ public async Task SignOut_WithMissingConfig_Throws()
+ {
+ var setting = new TestSettings(opt => opt.Configuration = new OpenIdConnectConfiguration());
+
+ var server = setting.CreateTestServer();
+
+ var exception = await Assert.ThrowsAsync(() => server.SendAsync(DefaultHost + TestServerBuilder.Signout));
+ Assert.Equal("Cannot redirect to the end session endpoint, the configuration may be missing or invalid.", exception.Message);
+ }
+
 // Test Cases for calculating the expiration time of cookie from cookie name
 [Fact]
 public void NonceCookieExpirationTime()