From 262bdbc08e18ab4fe1247d83a3b38dcbf5ad795e Mon Sep 17 00:00:00 2001 From: ErickSkrauch Date: Sat, 10 Dec 2022 02:51:47 +0100 Subject: [PATCH] Fixes #17. Simplify redirect_uri validation rules to allow localhost --- api/modules/oauth/models/ApplicationType.php | 11 ++++- .../dev/applications/CreateClientCest.php | 47 +++++++------------ 2 files changed, 25 insertions(+), 33 deletions(-) diff --git a/api/modules/oauth/models/ApplicationType.php b/api/modules/oauth/models/ApplicationType.php index c4745a2..e53fd6a 100644 --- a/api/modules/oauth/models/ApplicationType.php +++ b/api/modules/oauth/models/ApplicationType.php @@ -3,11 +3,12 @@ declare(strict_types=1); namespace api\modules\oauth\models; +use Closure; use common\helpers\Error as E; use common\models\OauthClient; use yii\helpers\ArrayHelper; -class ApplicationType extends BaseOauthClientType { +final class ApplicationType extends BaseOauthClientType { public $description; @@ -16,7 +17,7 @@ class ApplicationType extends BaseOauthClientType { public function rules(): array { return ArrayHelper::merge(parent::rules(), [ ['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED], - ['redirectUri', 'url', 'validSchemes' => ['[\w]+'], 'message' => E::REDIRECT_URI_INVALID], + ['redirectUri', Closure::fromCallable([$this, 'validateUrl'])], ['description', 'string'], ]); } @@ -27,4 +28,10 @@ class ApplicationType extends BaseOauthClientType { $client->redirect_uri = $this->redirectUri; } + private function validateUrl(string $attribute): void { + if (!filter_var($this->$attribute, FILTER_VALIDATE_URL)) { + $this->addError($attribute, E::REDIRECT_URI_INVALID); + } + } + } diff --git a/api/tests/functional/dev/applications/CreateClientCest.php b/api/tests/functional/dev/applications/CreateClientCest.php index a5523a4..ee95cbc 100644 --- a/api/tests/functional/dev/applications/CreateClientCest.php +++ b/api/tests/functional/dev/applications/CreateClientCest.php 
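Review bot: `validateUrl` in the third hunk accepts anything `filter_var(..., FILTER_VALIDATE_URL)` passes, which includes a URI with a fragment component, yet the same hunk shows the value being stored verbatim into `$client->redirect_uri`; RFC 6749 §3.1.2 requires a redirection endpoint URI to carry no fragment, so consider `$uri = $this->$attribute;` followed by `if (!filter_var($uri, FILTER_VALIDATE_URL) || parse_url($uri, PHP_URL_FRAGMENT) !== null) {`. The scheme remains unrestricted, as it already was under the removed `'validSchemes' => ['[\w]+']` rule, so that is not a regression, but the method should carry a docblock stating what it does and does not enforce (syntactic URL shape only, any scheme, host must be present) so a later reader does not assume stricter checking. The `Closure::fromCallable([$this, 'validateUrl'])` indirection in the second hunk also deserves a one-line comment such as `// bound as a Closure so the private method can serve as an inline validator`, since it is presumably there because the plain method-name form cannot reach a private method.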
@@ -6,43 +6,14 @@ namespace api\tests\functional\dev\applications; use api\tests\_pages\OauthRoute; use api\tests\FunctionalTester; -class CreateClientCest { +final class CreateClientCest { - /** - * @var OauthRoute - */ - private $route; + private OauthRoute $route; public function _before(FunctionalTester $I) { $this->route = new OauthRoute($I); } - public function testCreateApplicationWithWrongParams(FunctionalTester $I) { - $I->amAuthenticated('admin'); - - $this->route->createClient('application', []); - $I->canSeeResponseCodeIs(200); - $I->canSeeResponseContainsJson([ - 'success' => false, - 'errors' => [ - 'name' => 'error.name_required', - 'redirectUri' => 'error.redirectUri_required', - ], - ]); - - $this->route->createClient('application', [ - 'name' => 'my test oauth client', - 'redirectUri' => 'localhost', - ]); - $I->canSeeResponseCodeIs(200); - $I->canSeeResponseContainsJson([ - 'success' => false, - 'errors' => [ - 'redirectUri' => 'error.redirectUri_invalid', - ], - ]); - } - public function testCreateApplication(FunctionalTester $I) { $I->amAuthenticated('admin'); $this->route->createClient('application', [ @@ -109,4 +80,18 @@ class CreateClientCest { ]); } + public function testCreateApplicationWithWrongParams(FunctionalTester $I): void { + $I->amAuthenticated('admin'); + + $this->route->createClient('application', []); + $I->canSeeResponseCodeIs(200); + $I->canSeeResponseContainsJson([ + 'success' => false, + 'errors' => [ + 'name' => 'error.name_required', + 'redirectUri' => 'error.redirectUri_required', + ], + ]); + } + }
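Review bot: The re-added `testCreateApplicationWithWrongParams` in the second hunk covers only the `required` errors; the `error.redirectUri_invalid` branch lost its only case when the `'redirectUri' => 'localhost'` request was removed in the first hunk, and nothing in either hunk asserts that a localhost URI is now accepted, which is the stated purpose of the commit. Keeping one unambiguously invalid value in the negative test, and adding one `http://localhost`-style request to the positive path in `testCreateApplication` (whose body is cut off mid-way in the first hunk), would pin both sides of the new validator. The invalid value in the excerpt below is a constructed example; any string `filter_var` rejects will do.
```php
    public function testCreateApplicationWithWrongParams(FunctionalTester $I): void {
        // … unchanged: empty-params request and required-field assertions …

        // constructed example: no scheme and no host, so filter_var() rejects it
        $this->route->createClient('application', [
            'name' => 'my test oauth client',
            'redirectUri' => 'not a valid uri',
        ]);
        $I->canSeeResponseCodeIs(200);
        $I->canSeeResponseContainsJson([
            'success' => false,
            'errors' => [
                'redirectUri' => 'error.redirectUri_invalid',
            ],
        ]);
    }
```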