From c15e2887bc262a7dae2df741c7ba06f866272272 Mon Sep 17 00:00:00 2001
From: Martin Heide <martin.heide@faro.com>
Date: Mon, 2 Nov 2020 13:41:56 +0000
Subject: [PATCH] Add oob, device and localhost redirect URI tests

Signed-off-by: Martin Heide <martin.heide@faro.com>
---
 server/oauth2_test.go | 50 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/server/oauth2_test.go b/server/oauth2_test.go
index 1d9fa083..997373fc 100644
--- a/server/oauth2_test.go
+++ b/server/oauth2_test.go
@@ -342,6 +342,7 @@ func TestValidRedirectURI(t *testing.T) {
 			redirectURI: "http://foo.com/bar/baz",
 			wantValid:   false,
 		},
+		// These special desktop + device + localhost URIs are allowed by default.
 		{
 			client: storage.Client{
 				Public: true,
@@ -349,6 +350,13 @@ func TestValidRedirectURI(t *testing.T) {
 			redirectURI: "urn:ietf:wg:oauth:2.0:oob",
 			wantValid:   true,
 		},
+		{
+			client: storage.Client{
+				Public: true,
+			},
+			redirectURI: "/device/callback",
+			wantValid:   true,
+		},
 		{
 			client: storage.Client{
 				Public: true,
@@ -387,6 +395,48 @@ func TestValidRedirectURI(t *testing.T) {
 			redirectURI: "http://foo.com/bar/baz",
 			wantValid:   false,
 		},
+		// These special desktop + device + localhost URIs are allowed even when RedirectURIs is non-empty.
+		{
+			client: storage.Client{
+				Public:       true,
+				RedirectURIs: []string{"http://foo.com/bar"},
+			},
+			redirectURI: "urn:ietf:wg:oauth:2.0:oob",
+			wantValid:   true,
+		},
+		{
+			client: storage.Client{
+				Public:       true,
+				RedirectURIs: []string{"http://foo.com/bar"},
+			},
+			redirectURI: "/device/callback",
+			wantValid:   true,
+		},
+		{
+			client: storage.Client{
+				Public:       true,
+				RedirectURIs: []string{"http://foo.com/bar"},
+			},
+			redirectURI: "http://localhost:8080/",
+			wantValid:   true,
+		},
+		{
+			client: storage.Client{
+				Public:       true,
+				RedirectURIs: []string{"http://foo.com/bar"},
+			},
+			redirectURI: "http://localhost:991/bar",
+			wantValid:   true,
+		},
+		{
+			client: storage.Client{
+				Public:       true,
+				RedirectURIs: []string{"http://foo.com/bar"},
+			},
+			redirectURI: "http://localhost",
+			wantValid:   true,
+		},
+		// Non-localhost URIs are not allowed implicitly.
 		{
 			client: storage.Client{
 				Public: true,