Refactor OpenID specs to prevent duplicate client names

This commit is contained in:
Benjamin Neff 2017-08-06 20:06:26 +02:00
parent 27f3b68f54
commit 385ab76077
4 changed files with 7 additions and 26 deletions


@ -1,5 +1,5 @@
Given /^a client with a provided picture exists for user "([^\"]*)"$/ do |email| Given /^a client with a provided picture exists for user "([^\"]*)"$/ do |email|
app = FactoryGirl.create(:o_auth_application_with_image) app = FactoryGirl.create(:o_auth_application, logo_uri: "/assets/user/default.png")
user = User.find_by(email: email) user = User.find_by(email: email)
FactoryGirl.create(:auth_with_read, user: user, o_auth_application: app) FactoryGirl.create(:auth_with_read, user: user, o_auth_application: app)
end end


@ -1,7 +1,5 @@
describe Api::OpenidConnect::AuthorizationsController, type: :request do describe Api::OpenidConnect::AuthorizationsController, type: :request do
let!(:client) { FactoryGirl.create(:o_auth_application) } let!(:client) { FactoryGirl.create(:o_auth_application) }
let!(:client_with_xss) { FactoryGirl.create(:o_auth_application_with_xss) }
let!(:client_with_multiple_redirects) { FactoryGirl.create(:o_auth_application_with_multiple_redirects) }
before do before do
sign_in alice, scope: :user sign_in alice, scope: :user
@ -92,6 +90,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :request do
context "when multiple redirect URLs are pre-registered" do context "when multiple redirect URLs are pre-registered" do
it "should return an invalid request error" do it "should return an invalid request error" do
client_with_multiple_redirects =
FactoryGirl.create(:o_auth_application, redirect_uris: %w[http://localhost:3000/ http://localhost/])
post api_openid_connect_authorizations_new_path, params: {client_id: client_with_multiple_redirects.client_id, post api_openid_connect_authorizations_new_path, params: {client_id: client_with_multiple_redirects.client_id,
response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)} response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)}
expect(response.body).to include("The request was malformed") expect(response.body).to include("The request was malformed")
@ -186,6 +186,7 @@ describe Api::OpenidConnect::AuthorizationsController, type: :request do
context "when XSS script is passed as name" do context "when XSS script is passed as name" do
it "should escape html" do it "should escape html" do
client_with_xss = FactoryGirl.create(:o_auth_application_with_xss)
post api_openid_connect_authorizations_new_path, params: {client_id: client_with_xss.client_id, post api_openid_connect_authorizations_new_path, params: {client_id: client_with_xss.client_id,
redirect_uri: "http://localhost:3000/", redirect_uri: "http://localhost:3000/",
response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)} response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)}
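Review bot: The inline creation of `client_with_multiple_redirects` (lines 32–33) and `client_with_xss` (line 40) moves fixture setup into the `it` bodies, where a lazy `let(:client_with_multiple_redirects) { FactoryGirl.create(:o_auth_application, redirect_uris: %w[http://localhost:3000/ http://localhost/]) }` would keep the declarations together and still create the record only when the example references it, which appears to be the goal of dropping the eager `let!`. The `http://localhost:3000/` entry in the new `redirect_uris` literal duplicates the factory default from the same commit; if that default ever changes, this example silently keeps its own copy. The enclosing `describe` block and both `context` blocks begin and end outside these hunks.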


@ -360,35 +360,15 @@ FactoryGirl.define do
factory(:status, :parent => :status_message) factory(:status, :parent => :status_message)
factory :o_auth_application, class: Api::OpenidConnect::OAuthApplication do factory :o_auth_application, class: Api::OpenidConnect::OAuthApplication do
client_name "Diaspora Test Client" client_name { "Diaspora Test Client #{r_str}" }
redirect_uris %w(http://localhost:3000/) redirect_uris %w(http://localhost:3000/)
end end
factory :o_auth_application_with_image, class: Api::OpenidConnect::OAuthApplication do factory :o_auth_application_with_ppid, parent: :o_auth_application do
client_name "Diaspora Test Client"
redirect_uris %w(http://localhost:3000/)
logo_uri "/assets/user/default.png"
end
factory :o_auth_application_with_ppid, class: Api::OpenidConnect::OAuthApplication do
client_name "Diaspora Test Client"
redirect_uris %w(http://localhost:3000/)
ppid true ppid true
sector_identifier_uri "https://example.com/uri" sector_identifier_uri "https://example.com/uri"
end end
factory :o_auth_application_with_ppid_with_specific_id, class: Api::OpenidConnect::OAuthApplication do
client_name "Diaspora Test Client"
redirect_uris %w(http://localhost:3000/)
ppid true
sector_identifier_uri "https://example.com/uri"
end
factory :o_auth_application_with_multiple_redirects, class: Api::OpenidConnect::OAuthApplication do
client_name "Diaspora Test Client"
redirect_uris %w(http://localhost:3000/ http://localhost/)
end
factory :o_auth_application_with_xss, class: Api::OpenidConnect::OAuthApplication do factory :o_auth_application_with_xss, class: Api::OpenidConnect::OAuthApplication do
client_name "<script>alert(0);</script>" client_name "<script>alert(0);</script>"
redirect_uris %w(http://localhost:3000/) redirect_uris %w(http://localhost:3000/)
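Review bot: `r_str` in the new `client_name { "Diaspora Test Client #{r_str}" }` block is not defined in this hunk; presumably it is a random-string or sequence helper declared earlier in this `FactoryGirl.define` file, and it is worth confirming it yields distinct values per call, since a non-unique helper would defeat the purpose of the commit. The `:o_auth_application_with_xss` factory keeps the static `client_name "<script>alert(0);</script>"`, so it stays exposed to the same duplicate-name collision whenever a spec creates two such clients; that is fine only while the escaping example creates exactly one, and a comment such as `# static name on purpose: the spec asserts this exact string is escaped; create at most one per example` would make that constraint explicit. It could also take `parent: :o_auth_application` as `:o_auth_application_with_ppid` now does and drop its duplicated `redirect_uris` line. The closing `end` of the `_with_xss` factory is outside the hunk.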


@ -5,7 +5,7 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
o_auth_application: client, user: bob, redirect_uri: "http://localhost:3000/", scopes: ["openid"]) o_auth_application: client, user: bob, redirect_uri: "http://localhost:3000/", scopes: ["openid"])
} }
let!(:code) { auth.create_code } let!(:code) { auth.create_code }
let!(:client_with_specific_id) { FactoryGirl.create(:o_auth_application_with_ppid_with_specific_id) } let!(:client_with_specific_id) { FactoryGirl.create(:o_auth_application_with_ppid) }
let!(:auth_with_specific_id) do let!(:auth_with_specific_id) do
client_with_specific_id.client_id = "14d692cd53d9c1a9f46fd69e0e57443e" client_with_specific_id.client_id = "14d692cd53d9c1a9f46fd69e0e57443e"
client_with_specific_id.jwks = File.read(jwks_file_path) client_with_specific_id.jwks = File.read(jwks_file_path)
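Review bot: `client_with_specific_id` is now created from `:o_auth_application_with_ppid` and then has its `client_id` replaced with the fixed value on line 86, so the factory-generated id is discarded without a stated reason; a comment such as `# fixed client_id: presumably must match the key set loaded from jwks_file_path — confirm` would record the dependency, since the `jwks` assignment on the next line suggests it but nothing in the hunk shows how the id is used. Because the assignment happens after `FactoryGirl.create`, the record is first persisted with the generated id; whether it is saved again is decided outside the hunk, as the `let!(:auth_with_specific_id)` block continues past it.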