mirror of
https://github.com/usebruno/bruno.git
synced 2024-12-27 00:59:12 +01:00
46df2e967f
* Check OAuth2 redirect URL for matching callback URL and authorization code in query parameters In an Authorization code flow, there may be multiple intermediate redirects before reaching the final one which matches the callback URL and has a code in the query params. We should wait until we see a redirect URI that matches both the conditions. This fixes the issue where, when a redirect contains `code` as a query param but is not the final one (i.e., is not to the callback URL) an error is thrown saying the callback URL is invalid. Fixes #2147 * Add test cases for callback URL check * Update check to cover URLs with same host but different endpoints
20 lines
766 B
JavaScript
20 lines
766 B
JavaScript
const { matchesCallbackUrl } = require('../../src/ipc/network/authorize-user-in-window');
|
|
|
|
describe('matchesCallbackUrl', () => {
|
|
const testCases = [
|
|
{ url: 'https://random-url/endpoint', expected: false },
|
|
{ url: 'https://random-url/endpoint?code=abcd', expected: false },
|
|
{ url: 'https://callback.url/endpoint?code=abcd', expected: true },
|
|
{ url: 'https://callback.url/endpoint/?code=abcd', expected: true },
|
|
{ url: 'https://callback.url/random-endpoint/?code=abcd', expected: false }
|
|
];
|
|
|
|
it.each(testCases)('$url - should be $expected', ({ url, expected }) => {
|
|
let callBackUrl = 'https://callback.url/endpoint';
|
|
|
|
let actual = matchesCallbackUrl(new URL(url), new URL(callBackUrl));
|
|
|
|
expect(actual).toBe(expected);
|
|
});
|
|
});
|