Flash error messages when redirect_uri is invalid

This commit is contained in:
theworldbright 2015-10-22 20:34:40 -07:00
parent e4edad0646
commit 82600003b3
3 changed files with 17 additions and 10 deletions


@ -189,11 +189,13 @@ module Api
if app && app.redirect_uris.include?(params[:redirect_uri]) if app && app.redirect_uris.include?(params[:redirect_uri])
redirect_prompt_error_display(error, error_description) redirect_prompt_error_display(error, error_description)
else else
render json: {error: "bad_request", flash[:error] = I18n.t("api.openid_connect.authorizations.new.client_id_not_found",
description: "No client with client_id #{params[:client_id]} found"} client_id: params[:client_id], redirect_uri: params[:redirect_uri])
redirect_to root_path
end end
else else
render json: {error: "bad_request", description: "Missing client id or redirect URI"} flash[:error] = I18n.t("api.openid_connect.authorizations.new.bad_request")
redirect_to root_path
end end
end end
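Review bot: The new `flash[:error]` assignment that replaces the `render json:` call interpolates the raw `params[:client_id]` and `params[:redirect_uri]` into the translated message, and that string is then carried in the session to the next request with no bound on its length; if the session is cookie-backed (not visible in this hunk), an oversized value in either parameter could overflow the cookie and turn a bad request into a server error. Consider truncating the reflected values before interpolation, e.g. `client_id: params[:client_id].to_s.truncate(64), redirect_uri: params[:redirect_uri].to_s.truncate(128)`, and confirm that the layout renders `flash[:error]` escaped rather than through `raw`/`html_safe`, since `I18n.t` returns a plain String. Redirecting to `root_path` rather than to the submitted, unregistered `redirect_uri` is the right behaviour for this branch. The enclosing action starts before this hunk.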


@ -890,6 +890,8 @@ en:
no_requirement: "%{name} requires no permissions" no_requirement: "%{name} requires no permissions"
approve: "Approve" approve: "Approve"
deny: "Deny" deny: "Deny"
bad_request: "Missing client id or redirect URI"
client_id_not_found: "No client with client_id %{client_id} with redirect URI %{redirect_uri} found"
destroy: destroy:
fail: "The attempt to revoke the authorization with ID %{id} has failed" fail: "The attempt to revoke the authorization with ID %{id} has failed"
user_applications: user_applications:


@ -35,7 +35,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
it "should return an bad request error" do it "should return an bad request error" do
post :new, redirect_uri: "http://localhost:3000/", response_type: "id_token", post :new, redirect_uri: "http://localhost:3000/", response_type: "id_token",
scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16) scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
expect(response.body).to match("bad_request") expect(response).to redirect_to root_path
expect(flash[:error]).to include("Missing client id")
end end
end end
@ -57,7 +58,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
it "should return an invalid request error" do it "should return an invalid request error" do
post :new, client_id: client_with_multiple_redirects.client_id, response_type: "id_token", post :new, client_id: client_with_multiple_redirects.client_id, response_type: "id_token",
scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16) scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)
expect(response.body).to match("bad_request") expect(response).to redirect_to root_path
expect(flash[:error]).to include("Missing client id or redirect URI")
end end
end end
@ -65,7 +67,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
it "should return an invalid request error" do it "should return an invalid request error" do
post :new, client_id: client.client_id, redirect_uri: "http://localhost:2000/", post :new, client_id: client.client_id, redirect_uri: "http://localhost:2000/",
response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16) response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16)
expect(response.body).to match("bad_request") expect(response).to redirect_to root_path
expect(flash[:error]).to include("No client")
end end
end end
@ -129,8 +132,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
it "should return an account_selection_required error" do it "should return an account_selection_required error" do
post :new, client_id: "random", redirect_uri: "http://localhost:3000/", post :new, client_id: "random", redirect_uri: "http://localhost:3000/",
response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none" response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none"
json_body = JSON.parse(response.body) expect(response).to redirect_to root_path
expect(json_body["error"]).to match("bad_request") expect(flash[:error]).to include("No client")
end end
end end
@ -138,8 +141,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :controller do
it "should return an account_selection_required error" do it "should return an account_selection_required error" do
post :new, client_id: client.client_id, redirect_uri: "http://randomuri:3000/", post :new, client_id: client.client_id, redirect_uri: "http://randomuri:3000/",
response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none" response_type: "id_token", scope: "openid", state: 1234, display: "page", prompt: "none"
json_body = JSON.parse(response.body) expect(response).to redirect_to root_path
expect(json_body["error"]).to match("bad_request") expect(flash[:error]).to include("No client")
end end
end end
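Review bot: The new assertions replacing `expect(response.body).to match("bad_request")` pin the examples to fragments of the English locale text (`"Missing client id"`, `"No client"`), so any rewording in the locale file breaks them without a behaviour change; assert against the translation instead, e.g. `expect(flash[:error]).to eq I18n.t("api.openid_connect.authorizations.new.bad_request")` and, for the client case, the `client_id_not_found` key interpolated with the same `client_id:` and `redirect_uri:` passed to `post`. The example descriptions (`"should return an invalid request error"`, `"should return an account_selection_required error"`) now sit above expectations for a redirect with a flash, so they should be renamed to describe that, e.g. `it "redirects to root with an error flash when the redirect URI is not registered"`. The same applies to every hunk in this file. The `describe` block enclosing these examples starts before the first hunk.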