Address review findings: open redirect and teardown error handling

mattleibow · Copilot · mattleibow · commit 1a54996ed5ad · 2026-04-18T00:34:26.000+02:00
- Login endpoint now validates returnUrl is a well-formed relative URI
  to prevent open-redirect attacks (GPT 5.4 finding)
- Teardown script checks exit codes after each az ad app delete and
  preserves the setup data file if deletion fails (GPT 5.4 finding)

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/10.0/MauiBlazorWebEntraWorkforce/MauiBlazorWebEntraWorkforce.Web/Program.cs b/10.0/MauiBlazorWebEntraWorkforce/MauiBlazorWebEntraWorkforce.Web/Program.cs
@@ -81,8 +81,12 @@
 // Login endpoint: triggers the OIDC redirect to the workforce tenant
 app.MapGet("/authentication/login", async (HttpContext context, string? returnUrl) =>
 {
+    // Only allow local return URLs to prevent open-redirect attacks.
+    if (string.IsNullOrEmpty(returnUrl) || !Uri.IsWellFormedUriString(returnUrl, UriKind.Relative))
+        returnUrl = "/";
+
     await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme,
-        new AuthenticationProperties { RedirectUri = returnUrl ?? "/" });
+        new AuthenticationProperties { RedirectUri = returnUrl });
 });
 
 // Logout endpoint: clears cookie and signs out of Entra
diff --git a/10.0/MauiBlazorWebEntraWorkforce/scripts/Teardown-Azure.ps1 b/10.0/MauiBlazorWebEntraWorkforce/scripts/Teardown-Azure.ps1
@@ -41,8 +41,29 @@ if ($confirm -notmatch "^[Yy]$") {
     exit 0
 }
 
+$failed = $false
+
 az ad app delete --id $data.mauiClientId 2>&1 | Out-Null
+if ($LASTEXITCODE -ne 0) {
+    Write-Warning "Failed to delete MAUI app registration: $($data.mauiClientId)"
+    $failed = $true
+} else {
+    Write-Host "  Deleted MAUI app: $($data.mauiClientId)" -ForegroundColor Green
+}
+
 az ad app delete --id $data.webClientId 2>&1 | Out-Null
+if ($LASTEXITCODE -ne 0) {
+    Write-Warning "Failed to delete web app registration: $($data.webClientId)"
+    $failed = $true
+} else {
+    Write-Host "  Deleted web app: $($data.webClientId)" -ForegroundColor Green
+}
+
+if ($failed) {
+    Write-Error "One or more app registrations could not be deleted. The setup data file has been kept."
+    exit 1
+}
+
 Remove-Item $dataPath -Force
 
 Write-Host ""
