From e2d8a4e3969fe07c7a09a4443e0263cdbbae3c73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luka=20=C5=BDitnik?=
Date: Fri, 6 Apr 2018 04:20:20 +0200
Subject: [PATCH] Fix(auth): improper resolution of relative token urls (#4180)

* fix(auth): improper resolution of relative token urls
* revert cc58ba7 for OAS2
In OAS2, relative token URLs are resolved against the host that serves the specs.
---
 src/core/plugins/auth/actions.js | 13 +++---
 test/core/plugins/auth/actions.js | 75 +++++++++++++++++++++++++++++++
 2 files changed, 83 insertions(+), 5 deletions(-)
 create mode 100644 test/core/plugins/auth/actions.js
diff --git a/src/core/plugins/auth/actions.js b/src/core/plugins/auth/actions.js
index d264c65d..f578f73d 100644
--- a/src/core/plugins/auth/actions.js
+++ b/src/core/plugins/auth/actions.js
@@ -1,3 +1,4 @@
+import parseUrl from "url-parse"
 import win from "core/window"
 import { btoa, buildFormData } from "core/utils"
@@ -139,13 +140,15 @@ export const authorizeAccessCodeWithBasicAuthentication = ( { auth, redirectUrl
 return authActions.authorizeRequest({body: buildFormData(form), name, url: schema.get("tokenUrl"), auth, headers})
 }
-export const authorizeRequest = ( data ) => ( { fn, getConfigs, authActions, errActions, authSelectors } ) => {
+export const authorizeRequest = ( data ) => ( { fn, getConfigs, authActions, errActions, oas3Selectors, specSelectors } ) => {
 let { body, query={}, headers={}, name, url, auth } = data
- let { additionalQueryStringParams } = authSelectors.getConfigs() || {}
- let fetchUrl = url
- for (let key in additionalQueryStringParams) {
- url += "&" + key + "=" + encodeURIComponent(additionalQueryStringParams[key])
+ let fetchUrl
+
+ if (specSelectors.isOAS3()) {
+ fetchUrl = parseUrl(url, oas3Selectors.selectedServer()).toString()
+ } else {
+ fetchUrl = parseUrl(url, specSelectors.url()).toString()
 }
 let _headers = Object.assign({
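Review bot: In the OAS3 branch of `authorizeRequest`, `oas3Selectors.selectedServer()` is handed to `parseUrl` as the base without any check, so an empty selection or a relative server URL (OAS3 permits both) yields a base with no scheme or host. This request carries the `auth` and `headers` values passed in by the caller shown at the top of the hunk, so the origin it resolves to should not depend on whatever url-parse falls back to. Consider resolving the server against the spec location first, along the lines of `const base = parseUrl(oas3Selectors.selectedServer() || "", specSelectors.url()).toString()` followed by `fetchUrl = parseUrl(url, base).toString()`; how url-parse treats an empty address should be confirmed first. A short comment above the `if` stating which base each spec version uses would also help. The body of `authorizeRequest` continues past the end of the hunk, so how `fetchUrl` is consumed is not visible here.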
diff --git a/test/core/plugins/auth/actions.js b/test/core/plugins/auth/actions.js
new file mode 100644
index 00000000..bce850ba
--- /dev/null
+++ b/test/core/plugins/auth/actions.js
@@ -0,0 +1,75 @@
+/* eslint-env mocha */
+import expect, { createSpy } from "expect"
+import { authorizeRequest } from "corePlugins/auth/actions"
+
+describe("auth plugin - actions", () => {
+
+ describe("authorizeRequest", () => {
+
+ [
+ [
+ {
+ oas3: true,
+ server: "https://host/resource",
+ scheme: "http",
+ host: null,
+ url: "http://specs/file",
+ },
+ "https://host/authorize"
+ ],
+ [
+ {
+ oas3: false,
+ server: null,
+ scheme: "https",
+ host: undefined,
+ url: "https://specs/file",
+ },
+ "https://specs/authorize"
+ ],
+ [
+ {
+ oas3: false,
+ server: null,
+ scheme: "https",
+ host: "host",
+ url: "http://specs/file",
+ },
+ "http://specs/authorize"
+ ],
+ ].forEach(([{oas3, server, scheme, host, url}, expectedFetchUrl]) => {
+ it("should resolve authorization endpoint against the server URL", () => {
+
+ // Given
+ const data = {
+ url: "/authorize"
+ }
+ const system = {
+ fn: {
+ fetch: createSpy().andReturn(Promise.resolve())
+ },
+ getConfigs: () => ({}),
+ authSelectors: {
+ getConfigs: () => ({})
+ },
+ oas3Selectors: {
+ selectedServer: () => server
+ },
+ specSelectors: {
+ isOAS3: () => oas3,
+ operationScheme: () => scheme,
+ host: () => host,
+ url: () => url
+ }
+ }
+
+ // When
+ authorizeRequest(data)(system)
+
+ // Then
+ expect(system.fn.fetch.calls.length).toEqual(1)
+ expect(system.fn.fetch.calls[0].arguments[0]).toInclude({url: expectedFetchUrl})
+ })
+ })
+ })
+})
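Review bot: Every row of the table feeds the same relative `data.url` of `/authorize`, so the suite never pins what happens to an absolute `tokenUrl`, nor to an OAS3 spec whose `selectedServer()` is empty or relative. Both decide which origin receives the token request, so each deserves a row: one with an absolute URL (a constructed value such as `https://idp.example/token`) expected to pass through unchanged, and one OAS3 row with `server: ""`. The three cases also share one `it` title that mentions only the server URL although two of them resolve against the spec URL; `it("should resolve /authorize to " + expectedFetchUrl, () => {` would make a failing row identifiable. The stubbed `operationScheme` and `host` selectors do not appear to be read by the new `authorizeRequest` code, so a comment saying they are there to prove they are ignored would help the next reader.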