Commit 0b5f80b4 authored by Oswaldo Ferreira's avatar Oswaldo Ferreira

Handle redirect URI query concatenation in a better way

parent 24411b6f
...@@ -14,8 +14,12 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base ...@@ -14,8 +14,12 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base
# 2. Handle the callback call as we were a Github Enterprise instance client. # 2. Handle the callback call as we were a Github Enterprise instance client.
def callback def callback
# TODO: join url params in a better way # Handling URI query params concatenation.
redirect_to(session['redirect_uri'] + '&code=' + params[:code]) redirect_uri = URI.parse(session['redirect_uri'])
new_query = URI.decode_www_form(String(redirect_uri.query)) << ['code', params[:code]]
redirect_uri.query = URI.encode_www_form(new_query)
redirect_to redirect_uri.to_s
end end
# 3. Rewire and adjust access_token request accordingly. # 3. Rewire and adjust access_token request accordingly.
...@@ -25,13 +29,8 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base ...@@ -25,13 +29,8 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base
.merge(grant_type: 'authorization_code', redirect_uri: oauth_jira_callback_url) .merge(grant_type: 'authorization_code', redirect_uri: oauth_jira_callback_url)
auth_response = HTTParty.post(oauth_token_url, body: auth_params) auth_response = HTTParty.post(oauth_token_url, body: auth_params)
token_type, scope, token = auth_response['token_type'], auth_response['scope'], auth_response['access_token']
# TODO: join url params in a better way render text: "access_token=#{token}&scope=#{scope}&token_type=#{token_type}"
token = "access_token=" +
auth_response['access_token'] + "&scope=" +
auth_response['scope'] + "&token_type=" +
auth_response['token_type']
render text: token
end end
end end
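Review bot: In `callback`, the authorization code is appended to whatever `session['redirect_uri']` holds, and nothing visible in this hunk checks that value's scheme or host before `redirect_to redirect_uri.to_s`; where the session value is set is outside the hunk, so if it can originate from a request parameter the code could be delivered to an unintended host. I would validate it here against the expected Jira callback (or at minimum require `redirect_uri.is_a?(URI::HTTP) && redirect_uri.host.present?`) and rescue `URI::InvalidURIError`, since `URI.parse` raises on a value that is not a valid URI. In the `access_token` hunk the response values are interpolated without encoding, unlike the new `callback` code, so a scope containing a space or `&` corrupts the body; `render text: URI.encode_www_form(access_token: token, scope: scope, token_type: token_type)` would keep the two consistent. That same line also renders empty values when the token exchange fails, where the removed concatenation would have raised on `nil`, so an explicit check of `auth_response` before rendering seems worthwhile.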
...@@ -13,6 +13,14 @@ describe Oauth::Jira::AuthorizationsController do ...@@ -13,6 +13,14 @@ describe Oauth::Jira::AuthorizationsController do
describe 'GET callback' do describe 'GET callback' do
it 'redirects to redirect_uri on session with code param' do it 'redirects to redirect_uri on session with code param' do
session['redirect_uri'] = 'http://example.com'
get :callback, code: 'hash-123'
expect(response).to redirect_to('http://example.com?code=hash-123')
end
it 'redirects to redirect_uri on session with code param preserving existing query' do
session['redirect_uri'] = 'http://example.com?foo=bar' session['redirect_uri'] = 'http://example.com?foo=bar'
get :callback, code: 'hash-123' get :callback, code: 'hash-123'
...@@ -27,7 +35,7 @@ describe Oauth::Jira::AuthorizationsController do ...@@ -27,7 +35,7 @@ describe Oauth::Jira::AuthorizationsController do
'client_id' => 'client-123', 'client_id' => 'client-123',
'client_secret' => 'secret-123', 'client_secret' => 'secret-123',
'grant_type' => 'authorization_code', 'grant_type' => 'authorization_code',
'redirect_uri' => 'http://test.host/jira/login/oauth/callback' } 'redirect_uri' => 'http://test.host/-/jira/login/oauth/callback' }
expect(HTTParty).to receive(:post).with(oauth_token_url, body: expected_auth_params) do expect(HTTParty).to receive(:post).with(oauth_token_url, body: expected_auth_params) do
{ 'access_token' => 'fake-123', 'scope' => 'foo', 'token_type' => 'bar' } { 'access_token' => 'fake-123', 'scope' => 'foo', 'token_type' => 'bar' }
......