From: Tom Hughes
Date: Tue, 28 Jul 2015 11:13:18 +0000 (+0100)
Subject: Allow customer URL schemas for OAuth callback URLs
X-Git-Tag: live~4739
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/098d1fc2351be0bd53ae26b42a9b136894c63346
Allow customer URL schemas for OAuth callback URLs
Fixes #1019
---
diff --git a/app/models/client_application.rb b/app/models/client_application.rb
index 11422e481..aa7cb1c34 100644
--- a/app/models/client_application.rb
+++ b/app/models/client_application.rb
@@ -10,7 +10,8 @@ class ClientApplication < ActiveRecord::Base
 validates :key, :presence => true, :uniqueness => true
 validates :name, :url, :secret, :presence => true
 validates :url, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
- validates :support_url, :callback_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+ validates :support_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+ validates :callback_url, :allow_blank => true, :format => %r{\A[a-z][a-z0-9.+-]*://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
 before_validation :generate_keys, :on => :create
diff --git a/test/fixtures/client_applications.yml b/test/fixtures/client_applications.yml
index 2da7a9df8..13f9c086a 100644
--- a/test/fixtures/client_applications.yml
+++ b/test/fixtures/client_applications.yml
@@ -20,6 +20,7 @@ oauth_web_app:
 oauth_desktop_app:
 name: Some OAuth Desktop App
 created_at: "2009-04-21 00:00:00"
+ url: http://some.desktop.app.org/
 support_url: http://some.desktop.app.org/support
 updated_at: "2009-04-21 00:00:00"
 user_id: 2
@@ -35,6 +36,7 @@ oauth_desktop_app:
 normal_user_app:
 name: Some OAuth Desktop App
 created_at: "2009-05-21 00:00:00"
+ url: http://some.desktop.app.org/
 support_url: http://some.desktop.app.org/support
 updated_at: "2009-05-21 00:00:00"
 user_id: 1
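Review bot: In app/models/client_application.rb the new `callback_url` pattern `\A[a-z][a-z0-9.+-]*://` accepts every scheme, not only app-registered ones, so schemes a browser interprets itself (`javascript`, `data`, `file`) pass validation; if this value is later used as a redirect target or rendered as a link (not visible in this hunk), that becomes a script-injection or open-redirect surface. A second rule would close it: `validates :callback_url, :allow_blank => true, :format => { :without => /\A(javascript|data|vbscript|file):/i }`. The pattern also has no `\z`, so only a prefix of the value is checked and anything after it, including line breaks, is accepted. `test_callback_url_valid` in test/models/client_application_test.rb lists only "gibberish" as bad, so neither case is pinned down by the new tests. The ClientApplication class body continues outside the hunk.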
diff --git a/test/integration/client_application_test.rb b/test/integration/client_applications_test.rb
similarity index 98%
rename from test/integration/client_application_test.rb
rename to test/integration/client_applications_test.rb
index f74e3dc22..2cc15bd56 100644
--- a/test/integration/client_application_test.rb
+++ b/test/integration/client_applications_test.rb
@@ -1,6 +1,6 @@
 require "test_helper"
-class ClientApplicationTest < ActionDispatch::IntegrationTest
+class ClientApplicationsTest < ActionDispatch::IntegrationTest
 fixtures :users, :client_applications
 ##
diff --git a/test/models/client_application_test.rb b/test/models/client_application_test.rb
new file mode 100644
index 000000000..604a5de33
--- /dev/null
+++ b/test/models/client_application_test.rb
@@ -0,0 +1,56 @@
+require "test_helper"
+
+class ClientApplicationTest < ActiveSupport::TestCase
+ fixtures :client_applications
+
+ def test_url_valid
+ ok = ["http://example.com/test", "https://example.com/test"]
+ bad = ["", "ftp://example.com/test", "myapp://somewhere"]
+
+ ok.each do |url|
+ app = client_applications(:normal_user_app).dup
+ app.url = url
+ assert app.valid?, "#{url} is invalid, when it should be"
+ end
+
+ bad.each do |url|
+ app = client_applications(:normal_user_app)
+ app.url = url
+ assert !app.valid?, "#{url} is valid when it shouldn't be"
+ end
+ end
+
+ def test_support_url_valid
+ ok = ["", "http://example.com/test", "https://example.com/test"]
+ bad = ["ftp://example.com/test", "myapp://somewhere", "gibberish"]
+
+ ok.each do |url|
+ app = client_applications(:normal_user_app)
+ app.support_url = url
+ assert app.valid?, "#{url} is invalid, when it should be"
+ end
+
+ bad.each do |url|
+ app = client_applications(:normal_user_app)
+ app.support_url = url
+ assert !app.valid?, "#{url} is valid when it shouldn't be"
+ end
+ end
+
+ def test_callback_url_valid
+ ok = ["", "http://example.com/test", "https://example.com/test", "ftp://example.com/test", "myapp://somewhere"]
+ bad = ["gibberish"]
+
+ ok.each do |url|
+ app = client_applications(:normal_user_app)
+ app.callback_url = url
+ assert app.valid?, "#{url} is invalid, when it should be"
+ end
+
+ bad.each do |url|
+ app = client_applications(:normal_user_app)
+ app.callback_url = url
+ assert !app.valid?, "#{url} is valid when it shouldn't be"
+ end
+ end
+end
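Review bot: The failure message on the three `ok` loops, `"#{url} is invalid, when it should be"`, says the opposite of what failed; `"#{url} is invalid when it should be valid"` would read correctly in test output. Only the first loop of `test_url_valid` works on a `.dup` of the fixture, while every other loop assigns to the object returned by `client_applications(:normal_user_app)` directly. Using one form throughout would show whether that difference is intentional, and a short comment such as `# dup so the fixture record itself is not modified` would record the reason if it is.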