Fixes #17. Simplify redirect_uri validation rules to allow localhost

2025-05-31 14:11:46 +05:30 · 2022-12-10 02:51:47 +01:00
parent 9c39e97640
commit 262bdbc08e
2 changed files with 25 additions and 33 deletions
--- a/api/modules/oauth/models/ApplicationType.php
+++ b/api/modules/oauth/models/ApplicationType.php
@@ -3,11 +3,12 @@ declare(strict_types=1);

 namespace api\modules\oauth\models;

+use Closure;
 use common\helpers\Error as E;
 use common\models\OauthClient;
 use yii\helpers\ArrayHelper;

-class ApplicationType extends BaseOauthClientType {
+final class ApplicationType extends BaseOauthClientType {

    public $description;

@@ -16,7 +17,7 @@ class ApplicationType extends BaseOauthClientType {
    public function rules(): array {
        return ArrayHelper::merge(parent::rules(), [
            ['redirectUri', 'required', 'message' => E::REDIRECT_URI_REQUIRED],
-            ['redirectUri', 'url', 'validSchemes' => ['[\w]+'], 'message' => E::REDIRECT_URI_INVALID],
+            ['redirectUri', Closure::fromCallable([$this, 'validateUrl'])],
            ['description', 'string'],
        ]);
    }
@@ -27,4 +28,10 @@ class ApplicationType extends BaseOauthClientType {
        $client->redirect_uri = $this->redirectUri;
    }

+    private function validateUrl(string $attribute): void {
+        if (!filter_var($this->$attribute, FILTER_VALIDATE_URL)) {
+            $this->addError($attribute, E::REDIRECT_URI_INVALID);
+        }
+    }
+
 }
--- a/api/tests/functional/dev/applications/CreateClientCest.php
+++ b/api/tests/functional/dev/applications/CreateClientCest.php
@@ -6,43 +6,14 @@ namespace api\tests\functional\dev\applications;
 use api\tests\_pages\OauthRoute;
 use api\tests\FunctionalTester;

-class CreateClientCest {
+final class CreateClientCest {

-    /**
-     * @var OauthRoute
-     */
-    private $route;
+    private OauthRoute $route;

    public function _before(FunctionalTester $I) {
        $this->route = new OauthRoute($I);
    }

-    public function testCreateApplicationWithWrongParams(FunctionalTester $I) {
-        $I->amAuthenticated('admin');
-
-        $this->route->createClient('application', []);
-        $I->canSeeResponseCodeIs(200);
-        $I->canSeeResponseContainsJson([
-            'success' => false,
-            'errors' => [
-                'name' => 'error.name_required',
-                'redirectUri' => 'error.redirectUri_required',
-            ],
-        ]);
-
-        $this->route->createClient('application', [
-            'name' => 'my test oauth client',
-            'redirectUri' => 'localhost',
-        ]);
-        $I->canSeeResponseCodeIs(200);
-        $I->canSeeResponseContainsJson([
-            'success' => false,
-            'errors' => [
-                'redirectUri' => 'error.redirectUri_invalid',
-            ],
-        ]);
-    }
-
    public function testCreateApplication(FunctionalTester $I) {
        $I->amAuthenticated('admin');
        $this->route->createClient('application', [
@@ -109,4 +80,18 @@ class CreateClientCest {
        ]);
    }

+    public function testCreateApplicationWithWrongParams(FunctionalTester $I): void {
+        $I->amAuthenticated('admin');
+
+        $this->route->createClient('application', []);
+        $I->canSeeResponseCodeIs(200);
+        $I->canSeeResponseContainsJson([
+            'success' => false,
+            'errors' => [
+                'name' => 'error.name_required',
+                'redirectUri' => 'error.redirectUri_required',
+            ],
+        ]);
+    }
+
 }