This commit is contained in:
Kagami Sascha Rosylight 2023-06-29 02:35:55 +02:00
parent aa5d9f5d80
commit 357c65b356
2 changed files with 4 additions and 10 deletions


@ -101,30 +101,22 @@ interface ClientInformation {
// Authorization endpoints verifying that a redirect_uri is allowed for use by a client MUST // Authorization endpoints verifying that a redirect_uri is allowed for use by a client MUST
// look for an exact match of the given redirect_uri in the request against the list of // look for an exact match of the given redirect_uri in the request against the list of
// redirect_uris discovered after resolving any relative URLs." // redirect_uris discovered after resolving any relative URLs."
async function discoverClientInformation(httpRequestService: HttpRequestService, id: string): Promise<ClientInformation> { async function discoverClientInformation(logger: Logger, httpRequestService: HttpRequestService, id: string): Promise<ClientInformation> {
try { try {
const res = await httpRequestService.send(id); const res = await httpRequestService.send(id);
console.log('TEST', 'marker1');
const redirectUris: string[] = []; const redirectUris: string[] = [];
const linkHeader = res.headers.get('link'); const linkHeader = res.headers.get('link');
if (linkHeader) { if (linkHeader) {
redirectUris.push(...httpLinkHeader.parse(linkHeader).get('rel', 'redirect_uri').map(r => r.uri)); redirectUris.push(...httpLinkHeader.parse(linkHeader).get('rel', 'redirect_uri').map(r => r.uri));
} }
console.log('TEST', 'marker2');
const fragment = JSDOM.fragment(await res.text()); const fragment = JSDOM.fragment(await res.text());
console.log('TEST', 'marker3');
redirectUris.push(...[...fragment.querySelectorAll<HTMLLinkElement>('link[rel=redirect_uri][href]')].map(el => el.href)); redirectUris.push(...[...fragment.querySelectorAll<HTMLLinkElement>('link[rel=redirect_uri][href]')].map(el => el.href));
console.log('TEST', 'marker4');
const name = fragment.querySelector<HTMLElement>('.h-app .p-name')?.textContent?.trim() ?? id; const name = fragment.querySelector<HTMLElement>('.h-app .p-name')?.textContent?.trim() ?? id;
console.log('TEST', 'marker5');
return { return {
id, id,
redirectUris: redirectUris.map(uri => new URL(uri, res.url).toString()), redirectUris: redirectUris.map(uri => new URL(uri, res.url).toString()),
@ -132,6 +124,7 @@ async function discoverClientInformation(httpRequestService: HttpRequestService,
}; };
} catch (err) { } catch (err) {
console.error(err); console.error(err);
logger.error('Failed to fetch client information', { err });
throw new AuthorizationError('Failed to fetch client information', 'server_error'); throw new AuthorizationError('Failed to fetch client information', 'server_error');
} }
} }
@ -406,7 +399,7 @@ export class OAuth2ProviderService {
} }
// Find client information from the remote. // Find client information from the remote.
const clientInfo = await discoverClientInformation(this.httpRequestService, clientUrl.href); const clientInfo = await discoverClientInformation(this.#logger, this.httpRequestService, clientUrl.href);
// Require the redirect URI to be included in an explicit list, per // Require the redirect URI to be included in an explicit list, per
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.1.3
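Review bot: The catch block in the second hunk still logs the same failure twice, once through the pre-existing `console.error(err);` and once through the newly added `logger.error('Failed to fetch client information', { err });`; the console line looks like a leftover from the same debugging pass as the removed `console.log('TEST', ...)` markers and should be dropped so that error output goes only through the structured logger. The `err` handed to the logger is whatever `httpRequestService.send` or `JSDOM.fragment` threw while processing a client-supplied `id` URL, so it may carry remote response details; worth confirming the logger's serializer does not emit more of the remote response than intended. Returning the generic `server_error` to the caller is fine, since the failure reason is not the client's concern. `discoverClientInformation` starts in the first hunk and ends in the second; the third hunk only threads `this.#logger` through the call site.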


@ -173,6 +173,7 @@ describe('OAuth', () => {
afterEach(async () => { afterEach(async () => {
await fastify.close(); await fastify.close();
fastify.server.unref();
}); });
test('Full flow', async () => { test('Full flow', async () => {
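Review bot: The new `fastify.server.unref();` in `afterEach` runs only after `await fastify.close()` has resolved, and nothing in the hunk says why it is needed; a one-line comment such as `// unref so the server handle cannot keep the test process alive after close()` would make the intent clear (that reason is inferred from the placement, confirm it against the hang being fixed). If the handle is already fully closed at that point the call is presumably a no-op, so should the process still fail to exit, the fix may belong before the close or on the client side instead. The `afterEach` callback is fully inside the hunk; the surrounding `describe` is not.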