Handle hostless OAuth redirects (Closes #404)

2026-04-21 22:57:59 -04:00 · 2017-11-03 19:43:40 +01:00
parent e99a74201a
commit c2d6455636
2 changed files with 58 additions and 5 deletions
--- a/app/network/o-auth-2/tests/grant-authorization-code.test.js
+++ b/app/network/o-auth-2/tests/grant-authorization-code.test.js
@@ -107,4 +107,52 @@ describe('authorization_code', () => {
      error_description: null
    });
  });
+
+  it('handles hostless redirects', async () => {
+    createBWRedirectMock(`/redirect?code=code_123&state=${STATE}`);
+    window.fetch = jest.fn(() => new window.Response(
+      `access_token=token_123&token_type=token_type&scope=${SCOPE}`,
+      {headers: {'Content-Type': 'application/x-www-form-urlencoded'}}
+    ));
+
+    const result = await getToken(
+      AUTHORIZE_URL,
+      ACCESS_TOKEN_URL,
+      true,
+      CLIENT_ID,
+      CLIENT_SECRET,
+      REDIRECT_URI,
+      SCOPE,
+      STATE
+    );
+
+    // Check the request to fetch the token
+    expect(window.fetch.mock.calls).toEqual([[ACCESS_TOKEN_URL, {
+      body: [
+        'grant_type=authorization_code',
+        'code=code_123',
+        `redirect_uri=${encodeURIComponent(REDIRECT_URI)}`,
+        `state=${STATE}`,
+        `client_id=${CLIENT_ID}`,
+        `client_secret=${CLIENT_SECRET}`
+      ].join('&'),
+      method: 'POST',
+      headers: {
+        'Accept': 'application/x-www-form-urlencoded, application/json',
+        'Content-Type': 'application/x-www-form-urlencoded'
+      }
+    }]]);
+
+    // Check the expected value
+    expect(result).toEqual({
+      access_token: 'token_123',
+      refresh_token: null,
+      expires_in: null,
+      token_type: 'token_type',
+      scope: SCOPE,
+      error: null,
+      error_uri: null,
+      error_description: null
+    });
+  });
 });
--- a/app/network/o-auth-2/misc.js
+++ b/app/network/o-auth-2/misc.js
@@ -1,5 +1,6 @@
 import electron from 'electron';
 import uuid from 'uuid';
+import {resolve as urlResolve} from 'url';
 import querystring from 'querystring';

 const AUTH_WINDOW_SESSION_ID = uuid.v4();
@@ -51,13 +52,17 @@ export function authorizeUserInWindow (url, urlRegex = /.*/) {

    // Catch the redirect after login
    child.webContents.on('did-navigate', () => {
-      const url = child.webContents.getURL();
-      if (url.match(urlRegex)) {
-        console.log(`[oauth2] Matched redirect to "${url}" with ${urlRegex.toString()}`);
-        finalUrl = url;
+      // Be sure to resolve URL so that we can handle redirects with no host like /foo/bar
+      const currentUrl = urlResolve(url, child.webContents.getURL());
+      if (currentUrl.match(urlRegex)) {
+        console.log(`[oauth2] Matched redirect to "${currentUrl}" with ${urlRegex.toString()}`);
+        finalUrl = currentUrl;
        child.close();
+      } else if (currentUrl === url) {
+        // It's the first one, so it's not a redirect
+        console.log(`[oauth2] Loaded "${currentUrl}"`);
      } else {
-        console.log(`[oauth2] Ignoring redirect to "${url}" with match ${urlRegex.toString()}`);
+        console.log(`[oauth2] Ignoring URL "${currentUrl}". Didn't match ${urlRegex.toString()}`);
      }
    });