Skip to content

Save incoming returnToUrl from query string in session #19

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
May 23, 2018
Merged

Save incoming returnToUrl from query string in session #19

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cbb4fe4
Save returnToUrl query param in session, in SelectProviderRequest.
dmitrizagidulin May 5, 2018
f99e532
Extract and decode the returnToUrl from session when resuming user wo…
dmitrizagidulin May 5, 2018
fac4d19
Remove encoding/decoding of returnToUrl.
dmitrizagidulin May 23, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions src/handlers/auth-callback-request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,17 +55,16 @@ class AuthCallbackRequest {
}

let requestUri = AuthCallbackRequest.fullUriFor(req)

let issuer = AuthCallbackRequest.extractIssuer(req)

let options = {
issuer,
requestUri,
oidcManager,
serverUri,
returnToUrl: req.session.returnToUrl,
response: res,
session: req.session,
returnToUrl: req.session.returnToUrl
session: req.session
}

let request = new AuthCallbackRequest(options)
Expand Down Expand Up @@ -158,6 +157,7 @@ class AuthCallbackRequest {
this.debug(' Resuming workflow, redirecting to ' + this.returnToUrl)

delete this.session.returnToUrl

return this.response.redirect(302, this.returnToUrl)
}
}
Expand Down
19 changes: 17 additions & 2 deletions src/handlers/select-provider-request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,13 +12,16 @@ class SelectProviderRequest {
* @param [options.oidcManager] {OidcManager}
* @param [options.response] {HttpResponse}
* @param [options.serverUri] {string}
* @param [options.returnToUrl] {string} Url of the original resource
* a client was trying to access before being redirected to select provider
*/
constructor (options) {
this.webId = options.webId
this.oidcManager = options.oidcManager
this.response = options.response
this.session = options.session
this.serverUri = options.serverUri
this.returnToUrl = options.returnToUrl
}

/**
Expand Down Expand Up @@ -58,8 +61,9 @@ class SelectProviderRequest {
* @return {SelectProviderRequest}
*/
static fromParams (req, res) {
let body = req.body || {}
let webId = SelectProviderRequest.normalizeUri(body.webid)
const body = req.body || {}
const query = req.query || {}
const webId = SelectProviderRequest.normalizeUri(body.webid)

let oidcManager, serverUri
if (req.app && req.app.locals) {
Expand All @@ -72,6 +76,7 @@ class SelectProviderRequest {
webId,
oidcManager,
serverUri,
returnToUrl: query.returnToUrl,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one should normally already be decoded.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it automatically decoded by Express?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, query is the parsed query string, which includes decoding.

response: res,
session: req.session
}
Expand Down Expand Up @@ -124,6 +129,7 @@ class SelectProviderRequest {
static handlePost (request) {
return Promise.resolve()
.then(() => request.validate())
.then(() => request.saveReturnToUrl())
.then(() => request.selectProvider())
.catch(err => request.error(err))
}
Expand Down Expand Up @@ -163,6 +169,15 @@ class SelectProviderRequest {
.then(providerAuthUrl => this.response.redirect(providerAuthUrl))
}

/**
* Saves `returnToUrl` param for later use in AuthCallbackRequest handler,
* to redirect the client to the original resource they were trying to access
* before entering the authn workflow.
*/
saveReturnToUrl () {
this.session.returnToUrl = this.returnToUrl
}

/**
* @throws {Error}
*
Expand Down
5 changes: 3 additions & 2 deletions test/unit/auth-callback-request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,8 @@ describe('AuthCallbackRequest', () => {

let oidcManager = {}
let host = { serverUri: 'https://example.com' }
let session = { returnToUrl: 'https://example.com/resource' }
let returnToUrl = 'https://example.com/resource#hash'
let session = { returnToUrl }

let req = {
session,
Expand All @@ -96,7 +97,7 @@ describe('AuthCallbackRequest', () => {
expect(request.oidcManager).to.equal(oidcManager)
expect(request.response).to.equal(res)
expect(request.session).to.equal(session)
expect(request.returnToUrl).to.equal(session.returnToUrl)
expect(request.returnToUrl).to.equal(returnToUrl)
})
})

Expand Down
20 changes: 20 additions & 0 deletions test/unit/select-provider-request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,13 +79,17 @@ describe('SelectProviderRequest', () => {
let res = HttpMocks.createResponse()
let serverUri = 'https://example.com'

// 'https%3A%2F%2Foriginal.com%2Fpath%23hash'
const returnToUrl = encodeURIComponent('https://original.com/path#hash')

it('should initialize a SelectProviderRequest instance', () => {
let aliceWebId = 'https://alice.example.com'
let oidcManager = {}
let session = {}
let req = {
session,
body: { webid: aliceWebId },
query: { returnToUrl },
app: { locals: { oidc: oidcManager, host: { serverUri } } }
}

Expand All @@ -95,6 +99,7 @@ describe('SelectProviderRequest', () => {
expect(request.oidcManager).to.equal(oidcManager)
expect(request.session).to.equal(session)
expect(request.serverUri).to.equal(serverUri)
expect(request.returnToUrl).to.equal(returnToUrl)
})

it('should attempt to normalize an invalid webid uri', () => {
Expand Down Expand Up @@ -126,6 +131,19 @@ describe('SelectProviderRequest', () => {
})
})

describe('saveReturnToUrl()', () => {
it('should save the returnToUrl in session', () => {
let response = HttpMocks.createResponse()
let session = {}
let returnToUrl = encodeURIComponent('https://example.com/path#hash')
let request = new SelectProviderRequest({ response, session, returnToUrl })

request.saveReturnToUrl()

expect(request.session.returnToUrl).to.equal(returnToUrl)
})
})

describe('selectProvider()', () => {
it('should fetch the provider uri and redirect user to its /authorize endpoint', () => {
let webId = 'https://example.com/#me'
Expand Down Expand Up @@ -178,11 +196,13 @@ describe('SelectProviderRequest', () => {

request.validate = sinon.stub().resolves()
request.selectProvider = sinon.stub().resolves()
request.saveReturnToUrl = sinon.stub()

return SelectProviderRequest.handlePost(request)
.then(() => {
expect(request.validate).to.have.been.called()
expect(request.selectProvider).to.have.been.called()
expect(request.saveReturnToUrl).to.have.been.called()
})
})

Expand Down