Allow customer URL schemas for OAuth callback URLs
authorTom Hughes <tom@compton.nu>
Tue, 28 Jul 2015 11:13:18 +0000 (12:13 +0100)
committerTom Hughes <tom@compton.nu>
Tue, 28 Jul 2015 11:13:18 +0000 (12:13 +0100)
Fixes #1019

app/models/client_application.rb
test/fixtures/client_applications.yml
test/integration/client_applications_test.rb [moved from test/integration/client_application_test.rb with 98% similarity]
test/models/client_application_test.rb [new file with mode: 0644]

index 11422e4..aa7cb1c 100644 (file)
@@ -10,7 +10,8 @@ class ClientApplication < ActiveRecord::Base
   validates :key, :presence => true, :uniqueness => true
   validates :name, :url, :secret, :presence => true
   validates :url, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
-  validates :support_url, :callback_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+  validates :support_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+  validates :callback_url, :allow_blank => true, :format => %r{\A[a-z][a-z0-9.+-]*://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
 
   before_validation :generate_keys, :on => :create
 
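Review bot: The new `callback_url` pattern accepts every scheme that matches `[a-z][a-z0-9.+-]*`, so values such as `javascript://...` or `data://...` now validate alongside the app-specific schemes the commit is after. If the stored callback URL is ever rendered as a link or handed to a browser redirect (not visible in this hunk), that becomes a script-injection surface; consider excluding script-capable schemes with a lookahead right after the anchor, `\A(?!(?:javascript|data|vbscript):)[a-z][a-z0-9.+-]*://`. Both added patterns are also anchored only at the start, so anything after the first non-space run, including a newline, is never checked; ending them with `\z` would close that. The class body continues outside the hunk.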
index 2da7a9d..13f9c08 100644 (file)
@@ -20,6 +20,7 @@ oauth_web_app:
 oauth_desktop_app:
   name: Some OAuth Desktop App
   created_at: "2009-04-21 00:00:00"
+  url: http://some.desktop.app.org/
   support_url: http://some.desktop.app.org/support
   updated_at: "2009-04-21 00:00:00"
   user_id: 2
@@ -35,6 +36,7 @@ oauth_desktop_app:
 normal_user_app:
   name: Some OAuth Desktop App
   created_at: "2009-05-21 00:00:00"
+  url: http://some.desktop.app.org/
   support_url: http://some.desktop.app.org/support
   updated_at: "2009-05-21 00:00:00"
   user_id: 1
similarity index 98%
rename from test/integration/client_application_test.rb
rename to test/integration/client_applications_test.rb
index f74e3dc..2cc15bd 100644 (file)
@@ -1,6 +1,6 @@
 require "test_helper"
 
-class ClientApplicationTest < ActionDispatch::IntegrationTest
+class ClientApplicationsTest < ActionDispatch::IntegrationTest
   fixtures :users, :client_applications
 
   ##
diff --git a/test/models/client_application_test.rb b/test/models/client_application_test.rb
new file mode 100644 (file)
index 0000000..604a5de
--- /dev/null
@@ -0,0 +1,56 @@
+require "test_helper"
+
+class ClientApplicationTest < ActiveSupport::TestCase
+  fixtures :client_applications
+
+  def test_url_valid
+    ok = ["http://example.com/test", "https://example.com/test"]
+    bad = ["", "ftp://example.com/test", "myapp://somewhere"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app).dup
+      app.url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+
+  def test_support_url_valid
+    ok = ["", "http://example.com/test", "https://example.com/test"]
+    bad = ["ftp://example.com/test", "myapp://somewhere", "gibberish"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app)
+      app.support_url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.support_url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+
+  def test_callback_url_valid
+    ok = ["", "http://example.com/test", "https://example.com/test", "ftp://example.com/test", "myapp://somewhere"]
+    bad = ["gibberish"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app)
+      app.callback_url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.callback_url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+end
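Review bot: `test_callback_url_valid` pins only one rejected value, `"gibberish"`, so it does not record what the loosened validator must still refuse. Values with a script-capable scheme or with embedded whitespace are the cases a later regex edit is most likely to get wrong; adding them would look like `bad = ["gibberish", "javascript://example.com/test", "http://example.com/te st"]`. As the model's pattern stands in this commit both extra values are accepted, so the assertion would fail until the validator is tightened. Separately, the `ok` loop in `test_url_valid` works on a `.dup` of the fixture while every other loop mutates the fixture record directly; using one approach throughout would be easier to read.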