Fixes #17. Simplify redirect_uri validation rules to allow localhost

ErickSkrauch 2022-12-10 02:51:47 +01:00
parent 9c39e97640
commit 262bdbc08e
No known key found for this signature in database
GPG Key ID: 669339FCBB30EE0E
2 changed files with 25 additions and 33 deletions


@ -3,11 +3,12 @@ declare(strict_types=1);
namespace api\modules\oauth\models; namespace api\modules\oauth\models;
use Closure;
use common\helpers\Error as E; use common\helpers\Error as E;
use common\models\OauthClient; use common\models\OauthClient;
use yii\helpers\ArrayHelper; use yii\helpers\ArrayHelper;
class ApplicationType extends BaseOauthClientType { final class ApplicationType extends BaseOauthClientType {
public $description; public $description;
@ -16,7 +17,7 @@ class ApplicationType extends BaseOauthClientType {
public function rules(): array { public function rules(): array {
return ArrayHelper::merge(parent::rules(), [ return ArrayHelper::merge(parent::rules(), [
['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED], ['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED],
['redirectUri', 'url', 'validSchemes' => ['[\w]+'], 'message' => E::REDIRECT_URI_INVALID], ['redirectUri', Closure::fromCallable([$this, 'validateUrl'])],
['description', 'string'], ['description', 'string'],
]); ]);
} }
@ -27,4 +28,10 @@ class ApplicationType extends BaseOauthClientType {
$client->redirect_uri = $this->redirectUri; $client->redirect_uri = $this->redirectUri;
} }
private function validateUrl(string $attribute): void {
if (!filter_var($this->$attribute, FILTER_VALIDATE_URL)) {
$this->addError($attribute, E::REDIRECT_URI_INVALID);
}
}
} }
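Review bot: The new `validateUrl` accepts any scheme and any fragment that `filter_var(..., FILTER_VALIDATE_URL)` tolerates, so as far as I can tell a client can register `javascript://localhost/%0Aalert(1)` or `https://example.com/cb#frag` as its redirect_uri, and RFC 6749 §3.1.2 forbids a fragment component in the redirection endpoint. Add a fragment check after the filter_var test: `if (parse_url($this->$attribute, PHP_URL_FRAGMENT) !== null) { $this->addError($attribute, E::REDIRECT_URI_INVALID); }`. Whether arbitrary schemes are acceptable depends on how redirect_uri is compared at authorization time, which is outside this diff; if only web clients are expected, restrict the scheme to `http`/`https`, otherwise state above the method that custom schemes are deliberately allowed for native apps and that matching elsewhere must be exact. If the project runs PHP 8.1 or later, `Closure::fromCallable([$this, 'validateUrl'])` can be written as `$this->validateUrl(...)`.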


@ -6,43 +6,14 @@ namespace api\tests\functional\dev\applications;
use api\tests\_pages\OauthRoute; use api\tests\_pages\OauthRoute;
use api\tests\FunctionalTester; use api\tests\FunctionalTester;
class CreateClientCest { final class CreateClientCest {
/** private OauthRoute $route;
* @var OauthRoute
*/
private $route;
public function _before(FunctionalTester $I) { public function _before(FunctionalTester $I) {
$this->route = new OauthRoute($I); $this->route = new OauthRoute($I);
} }
public function testCreateApplicationWithWrongParams(FunctionalTester $I) {
$I->amAuthenticated('admin');
$this->route->createClient('application', []);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'name' => 'error.name_required',
'redirectUri' => 'error.redirectUri_required',
],
]);
$this->route->createClient('application', [
'name' => 'my test oauth client',
'redirectUri' => 'localhost',
]);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'redirectUri' => 'error.redirectUri_invalid',
],
]);
}
public function testCreateApplication(FunctionalTester $I) { public function testCreateApplication(FunctionalTester $I) {
$I->amAuthenticated('admin'); $I->amAuthenticated('admin');
$this->route->createClient('application', [ $this->route->createClient('application', [
@ -109,4 +80,18 @@ class CreateClientCest {
]); ]);
} }
public function testCreateApplicationWithWrongParams(FunctionalTester $I): void {
$I->amAuthenticated('admin');
$this->route->createClient('application', []);
$I->canSeeResponseCodeIs(200);
$I->canSeeResponseContainsJson([
'success' => false,
'errors' => [
'name' => 'error.name_required',
'redirectUri' => 'error.redirectUri_required',
],
]);
}
} }
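Review bot: The relocated `testCreateApplicationWithWrongParams` dropped the `'redirectUri' => 'localhost'` case, so the `error.redirectUri_invalid` path of the new validator is no longer exercised anywhere in this file. As far as I can tell that case would still fail under `FILTER_VALIDATE_URL`, since bare `localhost` carries no scheme, so it did not need to go; and what the commit title promises, a `http://localhost` redirect_uri being accepted, is not asserted either. I would restore the invalid case and add a positive localhost test, mirroring whatever `testCreateApplication` asserts on success (its body is outside the hunk, so the `'success' => true` check below is a guess to be aligned with it).
```php
    public function testCreateApplicationWithWrongParams(FunctionalTester $I): void {
        // … unchanged: empty-params assertions …
        $this->route->createClient('application', [
            'name' => 'my test oauth client',
            'redirectUri' => 'localhost',
        ]);
        $I->canSeeResponseCodeIs(200);
        $I->canSeeResponseContainsJson([
            'success' => false,
            'errors' => [
                'redirectUri' => 'error.redirectUri_invalid',
            ],
        ]);
    }

    public function testCreateApplicationWithLocalhostRedirectUri(FunctionalTester $I): void {
        $I->amAuthenticated('admin');
        $this->route->createClient('application', [
            'name' => 'my localhost oauth client',
            'redirectUri' => 'http://localhost:8080/callback',
        ]);
        $I->canSeeResponseCodeIs(200);
        $I->canSeeResponseContainsJson(['success' => true]);
    }
```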