From c15e2887bc262a7dae2df741c7ba06f866272272 Mon Sep 17 00:00:00 2001
From: Martin Heide
Date: Mon, 2 Nov 2020 13:41:56 +0000
Subject: [PATCH] Add oob, device and localhost redirect URI tests

Signed-off-by: Martin Heide
---
 server/oauth2_test.go | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/server/oauth2_test.go b/server/oauth2_test.go
index 1d9fa083..997373fc 100644
--- a/server/oauth2_test.go
+++ b/server/oauth2_test.go
@@ -342,6 +342,7 @@ func TestValidRedirectURI(t *testing.T) {
 redirectURI: "http://foo.com/bar/baz",
 wantValid: false,
 },
+ // These special desktop + device + localhost URIs are allowed by default.
 {
 client: storage.Client{
 Public: true,
@@ -349,6 +350,13 @@ func TestValidRedirectURI(t *testing.T) {
 redirectURI: "urn:ietf:wg:oauth:2.0:oob",
 wantValid: true,
 },
+ {
+ client: storage.Client{
+ Public: true,
+ },
+ redirectURI: "/device/callback",
+ wantValid: true,
+ },
 {
 client: storage.Client{
 Public: true,
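Review bot: The new `/device/callback` case only shows the exact relative path being accepted for a public client with no registered RedirectURIs; nothing in this hunk pins that the match is on the whole string rather than a prefix or suffix, so a near-miss such as `//evil.example/device/callback` (protocol-relative, which a browser resolves to a different origin) or `/device/callback/../foo` has no expectation. If the cases further down the table do not already cover it, duplicate this case with `redirectURI: "//evil.example/device/callback"` and `wantValid: false` right after it. A one-line comment on the positive case would also help a later reader, e.g. `// Relative path: the device-flow callback served by the issuer itself.` — whether the implementation compares the full string is not visible in this hunk, so I have not asserted it in the comment. TestValidRedirectURI starts before this hunk and continues after it.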
@@ -387,6 +395,48 @@ func TestValidRedirectURI(t *testing.T) {
 redirectURI: "http://foo.com/bar/baz",
 wantValid: false,
 },
+ // These special desktop + device + localhost URIs are allowed even when RedirectURIs is non-empty.
+ {
+ client: storage.Client{
+ Public: true,
+ RedirectURIs: []string{"http://foo.com/bar"},
+ },
+ redirectURI: "urn:ietf:wg:oauth:2.0:oob",
+ wantValid: true,
+ },
+ {
+ client: storage.Client{
+ Public: true,
+ RedirectURIs: []string{"http://foo.com/bar"},
+ },
+ redirectURI: "/device/callback",
+ wantValid: true,
+ },
+ {
+ client: storage.Client{
+ Public: true,
+ RedirectURIs: []string{"http://foo.com/bar"},
+ },
+ redirectURI: "http://localhost:8080/",
+ wantValid: true,
+ },
+ {
+ client: storage.Client{
+ Public: true,
+ RedirectURIs: []string{"http://foo.com/bar"},
+ },
+ redirectURI: "http://localhost:991/bar",
+ wantValid: true,
+ },
+ {
+ client: storage.Client{
+ Public: true,
+ RedirectURIs: []string{"http://foo.com/bar"},
+ },
+ redirectURI: "http://localhost",
+ wantValid: true,
+ },
+ // Non-localhost URIs are not allowed implicitly.
 {
 client: storage.Client{
 Public: true,
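Review bot: The five new positive cases establish that registering explicit RedirectURIs on a public client does not narrow the implicitly accepted set — any `http://localhost` URI on any port and path, plus the oob and device URIs, stays valid for that client — but no case in this hunk shows where "localhost" ends: a lookalike host that merely starts with the string (`http://localhost.evil.example:8080/bar`) or that hides the real host behind userinfo (`http://localhost@evil.example/`) has no expectation for a client that also has registered URIs. Whether the cases under `// Non-localhost URIs are not allowed implicitly.` cover that is outside the hunk; if they do not, the two negative cases below would pin that the check is on the parsed host rather than a string prefix. The comment on the first added line should also state the policy, since an operator who registers a strict RedirectURIs list may not expect loopback redirects to remain open, e.g. `// Loopback, oob and device URIs stay implicitly allowed for public clients; registered RedirectURIs only add to that set.`. TestValidRedirectURI starts before this hunk and continues after it.

```go
		// … unchanged: oob, device and localhost positive cases above …
		{
			client: storage.Client{
				Public:       true,
				RedirectURIs: []string{"http://foo.com/bar"},
			},
			redirectURI: "http://localhost.evil.example:8080/bar",
			wantValid:   false,
		},
		{
			client: storage.Client{
				Public:       true,
				RedirectURIs: []string{"http://foo.com/bar"},
			},
			redirectURI: "http://localhost@evil.example/",
			wantValid:   false,
		},
```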