From 555de27567183861a5dce77029f499a10b28ee05 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma
Date: Tue, 26 Jun 2018 15:27:20 +0200
Subject: Validate OAuth2 redirect uri
Signed-off-by: Roeland Jago Douma
---
 apps/oauth2/tests/Controller/SettingsControllerTest.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'apps/oauth2/tests')
diff --git a/apps/oauth2/tests/Controller/SettingsControllerTest.php b/apps/oauth2/tests/Controller/SettingsControllerTest.php
index 5dddbc65e4c..942aa5c481b 100644
--- a/apps/oauth2/tests/Controller/SettingsControllerTest.php
+++ b/apps/oauth2/tests/Controller/SettingsControllerTest.php
@@ -26,7 +26,9 @@ use OCA\OAuth2\Controller\SettingsController;
 use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\Client;
 use OCA\OAuth2\Db\ClientMapper;
+use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\IL10N;
 use OCP\IRequest;
 use OCP\Security\ISecureRandom;
 use Test\TestCase;
@@ -53,6 +55,9 @@ class SettingsControllerTest extends TestCase {
 $this->secureRandom = $this->createMock(ISecureRandom::class);
 $this->accessTokenMapper = $this->createMock(AccessTokenMapper::class);
 $this->defaultTokenMapper = $this->createMock(DefaultTokenMapper::class);
+ $l = $this->createMock(IL10N::class);
+ $l->method('t')
+ ->willReturnArgument(0);
 $this->settingsController = new SettingsController(
 'oauth2',
@@ -60,7 +65,8 @@ class SettingsControllerTest extends TestCase {
 $this->clientMapper,
 $this->secureRandom,
 $this->accessTokenMapper,
- $this->defaultTokenMapper
+ $this->defaultTokenMapper,
+ $l
 );
 }
@@ -178,4 +184,11 @@ class SettingsControllerTest extends TestCase {
 ],
 ], $data);
 }
+
+ public function testInvalidRedirectUri() {
+ $result = $this->settingsController->addClient('test', 'invalidurl');
+
+ $this->assertEquals(Http::STATUS_BAD_REQUEST, $result->getStatus());
+ $this->assertSame(['message' => 'Your redirect url needs to be a full url for example: https://yourdomain.com/path'], $result->getData());
+ }
 }
-- cgit v1.2.3
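Review bot: testInvalidRedirectUri asserts only on the response, so it would still pass if addClient persisted the client before rejecting the redirect URI; pinning that nothing is stored closes that gap, e.g. `$this->clientMapper->expects($this->never())->method('insert');` placed before the call. The single input `'invalidurl'` also exercises just one malformed shape, so a data provider with a few more values the validation is meant to refuse (empty string, relative path, host without a scheme) would document the intended contract, assuming the controller is meant to reject those as well. The controller change itself is not visible here (the page is limited to apps/oauth2/tests), so what the validation actually accepts cannot be confirmed from this view.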