Skip to content

Commit

Permalink
authorize: Fixes implicit detection in error writer (#277)
Browse files Browse the repository at this point in the history
  • Loading branch information
@arekkas
arekkas committed May 24, 2018
1 parent 91e7a4c commit 608bf5f
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 1 deletion.
2 changes: 1 addition & 1 deletion authorize_error.go
View file
Expand Up @@ -59,7 +59,7 @@ func (c *Fosite) WriteAuthorizeError(rw http.ResponseWriter, ar AuthorizeRequest
query.Add("error_hint", rfcerr.Hint)
}

if ar.GetResponseTypes().Exact("token") || len(ar.GetResponseTypes()) > 1 {
if !ar.GetResponseTypes().Exact("code") {
redirectURI.Fragment = query.Encode()
} else {
for key, values := range redirectURI.Query() {
Expand Down
36 changes: 36 additions & 0 deletions authorize_error_test.go
View file
Expand Up @@ -213,6 +213,42 @@ func TestWriteAuthorizeError(t *testing.T) {
assert.Equal(t, a.String(), b.String())
},
},
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().MaxTimes(2).Return(Arguments([]string{"id_token"}))
rw.EXPECT().Header().Return(header)
rw.EXPECT().WriteHeader(http.StatusFound)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar")
a.Fragment = "error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate"
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a.String(), b.String())
},
},
{
debug: true,
err: ErrInvalidRequest.WithDebug("with-debug"),
mock: func(rw *MockResponseWriter, req *MockAuthorizeRequester) {
req.EXPECT().IsRedirectURIValid().Return(true)
req.EXPECT().GetRedirectURI().Return(copyUrl(purls[1]))
req.EXPECT().GetState().Return("foostate")
req.EXPECT().GetResponseTypes().MaxTimes(2).Return(Arguments([]string{"token"}))
rw.EXPECT().Header().Return(header)
rw.EXPECT().WriteHeader(http.StatusFound)
},
checkHeader: func(t *testing.T, k int) {
a, _ := url.Parse("https://foobar.com/?foo=bar")
a.Fragment = "error=invalid_request&error_debug=with-debug&error_description=The+request+is+missing+a+required+parameter%2C+includes+an+invalid+parameter+value%2C+includes+a+parameter+more+than+once%2C+or+is+otherwise+malformed&error_hint=Make+sure+that+the+various+parameters+are+correct%2C+be+aware+of+case+sensitivity+and+trim+your+parameters.+Make+sure+that+the+client+you+are+using+has+exactly+whitelisted+the+redirect_uri+you+specified.&state=foostate"
b, _ := url.Parse(header.Get("Location"))
assert.Equal(t, a.String(), b.String())
},
},
} {
t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
oauth2 := &Fosite{
Expand Down

0 comments on commit 608bf5f

Please sign in to comment.