Validate sector identifier uri and redirect uri

This commit is contained in:
theworldbright 2015-09-25 13:13:36 -07:00
parent 5f19d8ffe6
commit 1dcefdb998
5 changed files with 62 additions and 12 deletions


@ -5,10 +5,15 @@ module Api
http_error_page_as_json(e) http_error_page_as_json(e)
end end
rescue_from OpenIDConnect::ValidationFailed, ActiveRecord::RecordInvalid do |e| rescue_from OpenIDConnect::ValidationFailed,
ActiveRecord::RecordInvalid, Api::OpenidConnect::Exception::InvalidSectorIdentifierUri do |e|
validation_fail_as_json(e) validation_fail_as_json(e)
end end
rescue_from Api::OpenidConnect::Exception::InvalidRedirectUri do |e|
validation_fail_redirect_uri(e)
end
def create def create
registrar = OpenIDConnect::Client::Registrar.new(request.url, params) registrar = OpenIDConnect::Client::Registrar.new(request.url, params)
client = Api::OpenidConnect::OAuthApplication.register! registrar client = Api::OpenidConnect::OAuthApplication.register! registrar
@ -27,19 +32,15 @@ module Api
private private
def http_error_page_as_json(e) def http_error_page_as_json(e)
render json: render json: { error: :invalid_request, error_description: e.message}, status: 400
{
error: :invalid_request,
error_description: e.message
}, status: 400
end end
def validation_fail_as_json(e) def validation_fail_as_json(e)
render json: render json: {error: :invalid_client_metadata, error_description: e.message}, status: 400
{ end
error: :invalid_client_metadata,
error_description: e.message def validation_fail_redirect_uri(e)
}, status: 400 render json: {error: :invalid_redirect_uri, error_description: e.message}, status: 400
end end
end end
end end
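Review bot: `validation_fail_redirect_uri` duplicates `validation_fail_as_json` except for the error code, so the two handlers can collapse into one method that takes the code as a keyword: `def validation_fail_as_json(e, error: :invalid_client_metadata)` / `render json: {error: error, error_description: e.message}, status: 400` / `end`, with the new `rescue_from` calling `validation_fail_as_json(e, error: :invalid_redirect_uri)`. The three render calls in this hunk also disagree on brace spacing (`{ error: ... e.message}` versus `{error: ...}`); one form should be used throughout. The enclosing controller class opens outside the hunk, so whether an earlier `rescue_from ArgumentError` exists that would capture these `::ArgumentError` subclasses first is not visible here and is worth confirming.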


@ -39,7 +39,30 @@ module Api
private private
def build_client_application(registrar) def build_client_application(registrar)
create! registrar_attributes(registrar) attributes = registrar_attributes(registrar)
check_sector_identifier_uri(attributes)
check_redirect_uris(attributes)
create! attributes
end
def check_sector_identifier_uri(attributes)
sector_identifier_uri = attributes[:sector_identifier_uri]
return unless sector_identifier_uri
uri = URI.parse(sector_identifier_uri)
response = Net::HTTP.get_response(uri)
sector_identifier_uri_json = JSON.parse(response.body)
redirect_uris = attributes[:redirect_uris]
sector_identifier_uri_includes_redirect_uris = (redirect_uris - sector_identifier_uri_json).empty?
return if sector_identifier_uri_includes_redirect_uris
raise Api::OpenidConnect::Exception::InvalidSectorIdentifierUri.new
end
def check_redirect_uris(attributes)
redirect_uris = attributes[:redirect_uris]
uri_array = redirect_uris.map {|uri| URI(uri) }
any_uri_contains_fragment = uri_array.any? {|uri| !uri.fragment.nil? }
return unless any_uri_contains_fragment
raise Api::OpenidConnect::Exception::InvalidRedirectUri.new
end end
def supported_metadata def supported_metadata
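Review bot: `check_sector_identifier_uri` fetches whatever URL the registering client supplied with `Net::HTTP.get_response` and trusts the result: there is no scheme check (OpenID Connect Dynamic Client Registration 1.0 requires `sector_identifier_uri` to use https), no timeout beyond Net::HTTP's defaults, no response-status check, and no check that the parsed body is an array, so a non-JSON body raises `JSON::ParserError` and a JSON object makes `redirect_uris - sector_identifier_uri_json` raise `TypeError`, neither of which the controller's `rescue_from` list covers. Because the server issues an outbound request to a client-chosen host, this is also a server-side request forgery surface; restricting to https and rejecting hosts that resolve to loopback or private ranges is the usual mitigation, and the https requirement means the `http://example.com/uris` stub in the spec section would need updating. In `check_redirect_uris`, a malformed entry makes `URI(uri)` raise `URI::InvalidURIError` and a missing `redirect_uris` key makes `nil.map` raise `NoMethodError`, so neither is reported as `InvalidRedirectUri`. The rewrite below adds the scheme, timeout, status and shape checks and maps transport/parse failures to the registration error; the enclosing class continues outside the hunk.
```ruby
def check_sector_identifier_uri(attributes)
  sector_identifier_uri = attributes[:sector_identifier_uri]
  return unless sector_identifier_uri
  uri = URI.parse(sector_identifier_uri)
  # Registration spec: sector_identifier_uri MUST use the https scheme; this also
  # narrows what a registering client can make this server fetch.
  invalid_sector_identifier_uri! unless uri.is_a?(URI::HTTPS) && uri.host
  response = Net::HTTP.start(uri.host, uri.port, use_ssl: true,
                             open_timeout: 5, read_timeout: 5) do |http|
    http.get(uri.request_uri)
  end
  invalid_sector_identifier_uri! unless response.is_a?(Net::HTTPSuccess)
  sector_uris = JSON.parse(response.body)
  # The document MUST be a JSON array of redirect URIs; a Hash here would make
  # Array#- raise TypeError.
  invalid_sector_identifier_uri! unless sector_uris.is_a?(Array)
  invalid_sector_identifier_uri! unless (Array(attributes[:redirect_uris]) - sector_uris).empty?
rescue URI::InvalidURIError, JSON::ParserError, SocketError, SystemCallError,
       Timeout::Error, OpenSSL::SSL::SSLError
  # Unreachable, malformed or non-JSON sector documents are a registration error,
  # not a 500.
  invalid_sector_identifier_uri!
end

def invalid_sector_identifier_uri!
  raise Api::OpenidConnect::Exception::InvalidSectorIdentifierUri.new
end

# … unchanged: check_redirect_uris …
```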


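--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE]/invalid_redirect_uri.rb
@@ -0,0 +1,11 @@
+module Api
+module OpenidConnect
+module Exception
+class InvalidRedirectUri < ::ArgumentError
+def initialize
+super "Redirect uri contains fragment"
+end
+end
+end
+end
+end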
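Review bot: Naming the containing module `Exception` shadows `::Exception` for every unqualified constant lookup lexically inside `Api::OpenidConnect`, so a `rescue Exception` or `raise Exception, "..."` written anywhere in that namespace would resolve to this module and fail with `TypeError`; the same applies to the `InvalidSectorIdentifierUri` file in the next section. The Ruby convention is a module named `Error` (or `Errors`) with classes ending in `Error`, e.g. `module Error` / `class InvalidRedirectUriError < StandardError`. Inheriting from `::ArgumentError` rather than a project base error also means any generic `rescue ArgumentError` in the request path will swallow these registration failures before the controller's `rescue_from` sees them; a shared `Api::OpenidConnect::Error < StandardError` base avoids that.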


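--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE]/invalid_sector_identifier_uri.rb
@@ -0,0 +1,11 @@
+module Api
+module OpenidConnect
+module Exception
+class InvalidSectorIdentifierUri < ::ArgumentError
+def initialize
+super "Invalid sector identifier uri"
+end
+end
+end
+end
+end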


@ -4,6 +4,10 @@ describe Api::OpenidConnect::ClientsController, type: :controller do
describe "#create" do describe "#create" do
context "when valid parameters are passed" do context "when valid parameters are passed" do
it "should return a client id" do it "should return a client id" do
stub_request(:get, "http://example.com/uris")
.with(headers: {"Accept" => "*/*", "Accept-Encoding" => "gzip;q=1.0,deflate;q=0.6,identity;q=0.3",
"Host" => "example.com", "User-Agent" => "Ruby"})
.to_return(status: 200, body: "[\"http://localhost\"]", headers: {})
post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client", post :create, redirect_uris: ["http://localhost"], client_name: "diaspora client",
response_types: [], grant_types: [], application_type: "web", contacts: [], response_types: [], grant_types: [], application_type: "web", contacts: [],
logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client", logo_uri: "http://example.com/logo.png", client_uri: "http://example.com/client",