make sure scopes are added to redirectURL #6416

Merged
merged 7 commits into from Sep 22, 2020

@dalbrx-forcam dalbrx-forcam commented Sep 18, 2020

Fixes a bug with OAuth2 scopes

When debugging we found out that there is an Array.isArray(scopes) call which fails because scopes is of type ImmutableList, so no scopes are added to the redirect URI.

see

if (Array.isArray(scopes) && 0 < scopes.length) {

Description

Check if scopes has a toArray method and use the result of it if Array.isArray(scopes) returns false.

Motivation and Context

Fixed the following issue (when using implicit grant):

  1. Click on Authorize Button
  2. Select all available scopes
  3. Click on Popup Authorize Button (redirect URI does contain scopes)
  4. Call any API
  5. Click on Authorize Button
  6. Deselect all available scopes
  7. Click on Popup Authorize Button (redirect URI does not contain scopes)
  8. Call any API
  9. Click on Authorize Button
  10. Select all available scopes
  11. Click on Popup Authorize Button (redirect URI does not contain scopes!)

How Has This Been Tested?

Tested the above steps manually.

Screenshots (if appropriate):

The following screenshot shows the object which fails the Array.isArray check:

swagger-scopes

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.
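
The failure described in this PR, reproduced as an added example (not the code from the PR or from swagger-ui): the quoted `Array.isArray` check next to a version that normalizes the container first. `ListLike`, `scopeParamBefore`, `scopeParamAfter`, `normalizeScopes`, `buildAuthorizeUrl`, the `example.test` URLs and the space scope delimiter are assumptions made for the illustration.

```javascript
// Added example, not swagger-ui's code. ListLike is a constructed stand-in for
// an Immutable.js List: it has size and toArray(), but is not an Array.
class ListLike {
  constructor(items) { this.items = [...items] }
  get size() { return this.items.length }
  toArray() { return [...this.items] }
}

// The check quoted in the PR: a non-Array container fails Array.isArray,
// so the scope parameter is silently left out of the request.
function scopeParamBefore(scopes) {
  if (Array.isArray(scopes) && 0 < scopes.length) {
    return ["scope=" + encodeURIComponent(scopes.join(" "))]
  }
  return []
}

// Normalize first, as the PR description proposes: fall back to toArray()
// when Array.isArray(scopes) is false and the object offers that method.
function normalizeScopes(scopes) {
  if (Array.isArray(scopes)) return scopes
  if (scopes && typeof scopes.toArray === "function") return scopes.toArray()
  return []
}

function scopeParamAfter(scopes) {
  const list = normalizeScopes(scopes).filter(s => typeof s === "string" && s !== "")
  return list.length ? ["scope=" + encodeURIComponent(list.join(" "))] : []
}

// Hypothetical helper: implicit-grant authorization URL with a pluggable scope step.
function buildAuthorizeUrl(authorizationUrl, clientId, redirectUri, scopes, scopeParam) {
  const query = [
    "response_type=token",
    "client_id=" + encodeURIComponent(clientId),
    "redirect_uri=" + encodeURIComponent(redirectUri),
    ...scopeParam(scopes),
  ]
  return authorizationUrl + "?" + query.join("&")
}

// Constructed sample input.
const selected = new ListLike(["read:pets", "write:pets"])
const base = ["https://auth.example.test/authorize", "demo-client", "https://app.example.test/cb"]
console.log(buildAuthorizeUrl(...base, selected, scopeParamBefore)) // no scope parameter
console.log(buildAuthorizeUrl(...base, selected, scopeParamAfter))  // scope=read%3Apets%20write%3Apets
```

When `scope` is omitted, RFC 6749 section 3.3 has the authorization server either apply a default scope or fail the request, so the issued token may not match what the user selected; a unit test asserting on the `scope` query parameter catches this regression.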

@dalbrx-forcam dalbrx-forcam changed the title make sure scopes are handled correctly if not an array but toArray me… make sure scopes are added to redirectURL Sep 18, 2020
@tim-lai tim-lai self-assigned this Sep 18, 2020

@tim-lai tim-lai left a comment

@dalbrx-forcam Thanks for the PR! Requesting some refactoring. Also, any way we can get a Jest or Cypress test to track this?

src/core/oauth2-authorize.js (two outdated, resolved review threads)
@tim-lai tim-lai merged commit 95fd3e7 into swagger-api:master Sep 22, 2020
tim-lai commented Sep 22, 2020

@dalbrx-forcam PR merged! Thanks for the contribution!
