Skip to content

Commit

Permalink
Add test for redirect url validation
Browse files Browse the repository at this point in the history
  • Loading branch information
tumbl3w33d committed Jan 31, 2024
1 parent 11f77a7 commit 0ceae03
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -730,7 +730,7 @@ protected AuthorizationCodeFlow buildAuthorizationCodeFlow() {
return builder.build();
}

private String getValidRedirectUrl(String url) {
protected String getValidRedirectUrl(String url) {
if (url != null && !url.isEmpty()) {
// Check if the URL is relative and starts with a slash
if (url.startsWith("/")) {
Expand Down
15 changes: 15 additions & 0 deletions src/test/java/org/jenkinsci/plugins/oic/OicSecurityRealmTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@
import com.github.tomakehurst.wiremock.junit.WireMockRule;
import hudson.util.Secret;
import java.io.IOException;
import java.net.MalformedURLException;

import org.acegisecurity.AuthenticationManager;
import org.acegisecurity.BadCredentialsException;
import org.acegisecurity.GrantedAuthority;
Expand All @@ -16,6 +18,7 @@

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertThrows;

public class OicSecurityRealmTest {

Expand Down Expand Up @@ -83,4 +86,16 @@ public void testShouldSetNullClientSecretWhenSecretIsNone() throws IOException {
.build();
assertEquals("none", Secret.toString(realm.getClientSecret()));
}

@Test
public void testGetValidRedirectUrl() throws IOException {
String rootUrl = "https://ci.example.com/";
TestRealm realm = new TestRealm.Builder(rootUrl)
.WithMinimalDefaults().build();
assertEquals(rootUrl + "foo", realm.getValidRedirectUrl("/foo"));
assertEquals(rootUrl + "bar", realm.getValidRedirectUrl(rootUrl + "/bar"));
assertEquals(rootUrl, realm.getValidRedirectUrl(null));
assertEquals(rootUrl, realm.getValidRedirectUrl(""));
assertThrows(MalformedURLException.class, () -> realm.getValidRedirectUrl("foobar"));
}
}

0 comments on commit 0ceae03

Please sign in to comment.