Merge pull request #2538 from loopholelabs/2537-fix-json-response

Device Code Flow does not return application/json in Content-Type header
This commit is contained in:
Maksim Nabokikh 2022-05-30 17:55:24 +04:00 committed by GitHub
commit a858ffbcf2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions

View File

@ -141,6 +141,10 @@ func (s *Server) handleDeviceCode(w http.ResponseWriter, r *http.Request) {
// https://tools.ietf.org/html/rfc8628#section-3.2
w.Header().Set("Cache-Control", "no-store")
// Response type should be application/json according to
// https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
w.Header().Set("Content-Type", "application/json")
enc := json.NewEncoder(w)
enc.SetEscapeHTML(false)
enc.SetIndent("", " ")

View File

@ -52,6 +52,7 @@ func TestHandleDeviceCode(t *testing.T) {
requestType string
scopes []string
expectedResponseCode int
expectedContentType string
expectedServerResponse string
}{
{
@ -60,6 +61,7 @@ func TestHandleDeviceCode(t *testing.T) {
requestType: "POST",
scopes: []string{"openid", "profile", "email"},
expectedResponseCode: http.StatusOK,
expectedContentType: "application/json",
},
{
testName: "Invalid request Type (GET)",
@ -67,6 +69,7 @@ func TestHandleDeviceCode(t *testing.T) {
requestType: "GET",
scopes: []string{"openid", "profile", "email"},
expectedResponseCode: http.StatusBadRequest,
expectedContentType: "application/json",
},
}
for _, tc := range tests {
@ -101,6 +104,10 @@ func TestHandleDeviceCode(t *testing.T) {
t.Errorf("Unexpected Response Type. Expected %v got %v", tc.expectedResponseCode, rr.Code)
}
if rr.Header().Get("content-type") != tc.expectedContentType {
t.Errorf("Unexpected Response Content Type. Expected %v got %v", tc.expectedContentType, rr.Header().Get("content-type"))
}
body, err := io.ReadAll(rr.Body)
if err != nil {
t.Errorf("Could read token response %v", err)