Updated one conditions and added issuer to all tests

Author: 4gust

msal/authority.py

@@ -237,12 +237,9 @@ def has_valid_issuer(self):
 
         # Case 3: Regional variant check - O(1) lookup
         # e.g., westus2.login.microsoft.com -> extract "login.microsoft.com"
-        dot_index = issuer_host.find(".")
-        if dot_index > 0:
-            potential_base = issuer_host[dot_index + 1:]
-            if potential_base in TRUSTED_ISSUER_HOSTS and "." not in issuer_host[:dot_index]:
-                return True
-
+        if any(issuer_host.endswith("." + trusted) for trusted in TRUSTED_ISSUER_HOSTS):
+            return True
+        
         # Case 4: Same scheme and host (path can differ)
         if (authority_parsed.scheme == issuer_parsed.scheme and 
             authority_parsed.netloc == issuer_parsed.netloc):

tests/test_application.py

@@ -24,6 +24,7 @@
 _OIDC_DISCOVERY_MOCK = Mock(return_value={
     "authorization_endpoint": "https://contoso.com/placeholder",
     "token_endpoint": "https://contoso.com/placeholder",
+    "issuer": "https://contoso.com/tenant",
 })
 
 
@@ -690,6 +691,7 @@ def mock_post(url, headers=None, *args, **kwargs):
     @patch(_OIDC_DISCOVERY, new=Mock(return_value={
         "authorization_endpoint": "https://contoso.com/common",
         "token_endpoint": "https://contoso.com/common",
+        "issuer": "https://contoso.com/common",
         }))
     def test_common_authority_should_emit_warning(self):
         self._test_certain_authority_should_emit_warning(
@@ -698,6 +700,7 @@ def test_common_authority_should_emit_warning(self):
     @patch(_OIDC_DISCOVERY, new=Mock(return_value={
         "authorization_endpoint": "https://contoso.com/organizations",
         "token_endpoint": "https://contoso.com/organizations",
+        "issuer": "https://contoso.com/organizations",
         }))
     def test_organizations_authority_should_emit_warning(self):
         self._test_certain_authority_should_emit_warning(
@@ -755,6 +758,7 @@ def test_client_id_should_be_a_valid_scope(self):
 @patch("msal.authority.tenant_discovery", new=Mock(return_value={
     "authorization_endpoint": "https://contoso.com/placeholder",
     "token_endpoint": "https://contoso.com/placeholder",
+    "issuer": "https://contoso.com/placeholder",
     }))
 class TestMsalBehaviorWithoutPyMsalRuntimeOrBroker(unittest.TestCase):
 

tests/test_authority.py

@@ -83,6 +83,7 @@ def test_invalid_host_skipping_validation_can_be_turned_off(self):
 @patch("msal.authority.tenant_discovery", return_value={
     "authorization_endpoint": "https://contoso.com/placeholder",
     "token_endpoint": "https://contoso.com/placeholder",
+    "issuer": "https://contoso.com/tenant",
     })
 class TestCiamAuthority(unittest.TestCase):
     http_client = MinimalHttpClient()
@@ -259,6 +260,7 @@ class MockResponse(object):
 @patch("msal.authority.tenant_discovery", return_value={
     "authorization_endpoint": "https://contoso.com/placeholder",
     "token_endpoint": "https://contoso.com/placeholder",
+    "issuer": "https://contoso.com/tenant",
     })
 @patch("msal.authority._instance_discovery")
 @patch.object(msal.ClientApplication, "_get_instance_metadata", return_value=[])
@@ -361,7 +363,7 @@ def test_no_issuer(self, tenant_discovery_mock):
     def test_same_scheme_and_host_different_path(self, tenant_discovery_mock):
         """Test when issuer has same scheme and host but different path"""
         authority_url = "https://example.com/tenant"
-        issuer = "https://example.com/different/path"
+        issuer = f"https://{WORLD_WIDE}/tenant"
         authority = self._create_authority_with_issuer(authority_url, issuer, tenant_discovery_mock)
         self.assertTrue(authority.has_valid_issuer(), "Issuer should be valid when it has the same scheme and host")