MCPcopy
hub / github.com/authgear/authgear-server / TestParseRedirectURI

Function TestParseRedirectURI

pkg/lib/oauth/handler/resolve_test.go:25–123  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

23}
24
25func TestParseRedirectURI(t *testing.T) {
26 clientConfig := &config.OAuthClientConfig{
27 RedirectURIs: []string{
28 "http://app.example.com/handle_auth",
29 "com.example.myapp://host/path",
30 },
31 CustomUIURI: "http://authui.example.com/auth",
32 }
33
34 httpOrigin := httputil.HTTPOrigin("http://auth.example.com")
35 httpProto := httputil.HTTPProto("http")
36 whitelistedDomains := []string{
37 "auth.example2.com",
38 "auth.example3.com",
39 }
40
41 Convey("parseRedirectURI", t, func() {
42 Convey("should use default redirect uri", func() {
43 u, err := parseRedirectURI(&config.OAuthClientConfig{
44 RedirectURIs: []string{
45 "http://app.example.com/handle_auth",
46 },
47 }, httpProto, httpOrigin, whitelistedDomains, []string{}, &mockOAuthRequestImpl{})
48
49 So(u.String(), ShouldResemble, "http://app.example.com/handle_auth")
50 So(err, ShouldBeNil)
51 })
52
53 Convey("should allow allowlisted redirect uri", func() {
54 u, err := parseRedirectURI(clientConfig, httpProto, httpOrigin, whitelistedDomains, []string{}, &mockOAuthRequestImpl{
55 "com.example.myapp://host/path",
56 })
57
58 So(u.String(), ShouldResemble, "com.example.myapp://host/path")
59 So(err, ShouldBeNil)
60 })
61
62 Convey("should exact match", func() {
63 _, err := parseRedirectURI(clientConfig, httpProto, httpOrigin, whitelistedDomains, []string{}, &mockOAuthRequestImpl{
64 "http://app.example.com/handle_auth/",
65 })
66
67 So(err, ShouldResemble, protocol.NewErrorResponse("invalid_request", "redirect URI is not allowed"))
68 })
69
70 Convey("should allow URIs at same origin as the authgear server", func() {
71 u, err := parseRedirectURI(clientConfig, httpProto, httpOrigin, whitelistedDomains, []string{}, &mockOAuthRequestImpl{
72 "http://auth.example.com/settings",
73 })
74
75 So(u.String(), ShouldResemble, "http://auth.example.com/settings")
76 So(err, ShouldBeNil)
77 })
78
79 Convey("should allow URIs at same origin as the custom ui uri", func() {
80 u, err := parseRedirectURI(clientConfig, httpProto, httpOrigin, whitelistedDomains, []string{}, &mockOAuthRequestImpl{
81 "http://authui.example.com/auth/complete",
82 })

Callers

nothing calls this directly

Calls 5

HTTPOriginTypeAlias · 0.92
HTTPProtoTypeAlias · 0.92
NewErrorResponseFunction · 0.92
parseRedirectURIFunction · 0.70
StringMethod · 0.65

Tested by

no test coverage detected