Allows ui_locales, claims_locales and login_hint as request params #6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
reviewed
Aug 24, 2018
| @@ -18,6 +18,16 @@ def test_request_phase | |||
| strategy.request_phase | |||
| end | |||
|
|
|||
| def test_request_phase_with_params | |||
| expected_redirect = /^https:\/\/example\.com\/authorize\?claims_locales=es&client_id=1234&login_hint=john.doe%40example.com&nonce=\w{32}&response_type=code&scope=openid&state=\w{32}&ui_locales=en$/ | |||
| expected_redirect = /^https:\/\/example\.com\/authorize\?claims_locales=es&client_id=1234&login_hint=john.doe%40example.com&nonce=\w{32}&response_type=code&scope=openid&state=\w{32}&ui_locales=en$/ | ||
| strategy.options.issuer = 'example.com' | ||
| strategy.options.client_options.host = 'example.com' | ||
| request.stubs(:params).returns('login_hint' => 'john.doe@example.com', 'ui_locales' => 'en', 'claims_locales' => 'es') |
m0n9oose
requested changes
Jan 4, 2019
| @@ -235,6 +236,10 @@ def redirect_uri | |||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(request.params['redirect_uri']) }" | |||
| end | |||
|
|
|||
| def params | |||
| request.params | |||
There was a problem hiding this comment.
Consider using delegation instead of separate method definition
There was a problem hiding this comment.
I chose to use Forwardable module, and I also replace all request.params calls.
Tell me If you prefer another solution.
Ref: [http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest](http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) These params are allowed to be used during Authentication request.
yannvery
force-pushed
the
authentication-params
branch
from
d0608fe to
0e42206
Compare
ghost
reviewed
Jan 17, 2019
| @@ -18,6 +18,16 @@ def test_request_phase | |||
| strategy.request_phase | |||
| end | |||
|
|
|||
| def test_request_phase_with_params | |||
| expected_redirect = /^https:\/\/example\.com\/authorize\?claims_locales=es&client_id=1234&login_hint=john.doe%40example.com&nonce=\w{32}&response_type=code&scope=openid&state=\w{32}&ui_locales=en$/ | |||
| @@ -18,6 +18,16 @@ def test_request_phase | |||
| strategy.request_phase | |||
| end | |||
|
|
|||
| def test_request_phase_with_params | |||
| expected_redirect = /^https:\/\/example\.com\/authorize\?claims_locales=es&client_id=1234&login_hint=john.doe%40example.com&nonce=\w{32}&response_type=code&scope=openid&state=\w{32}&ui_locales=en$/ | |||
| expected_redirect = /^https:\/\/example\.com\/authorize\?claims_locales=es&client_id=1234&login_hint=john.doe%40example.com&nonce=\w{32}&response_type=code&scope=openid&state=\w{32}&ui_locales=en$/ | ||
| strategy.options.issuer = 'example.com' | ||
| strategy.options.client_options.host = 'example.com' | ||
| request.stubs(:params).returns('login_hint' => 'john.doe@example.com', 'ui_locales' => 'en', 'claims_locales' => 'es') |
| if error | ||
| raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri']) | ||
| elsif request.params['state'].to_s.empty? || request.params['state'] != stored_state | ||
| raise CallbackError.new(params['error'], params['error_description'] || params['error_reason'], params['error_uri']) |
| elsif !request.params['code'] | ||
| return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(request.params['error'])) | ||
| elsif !params['code'] | ||
| return fail!(:missing_code, OmniAuth::OpenIDConnect::MissingCodeError.new(params['error'])) |
| @@ -231,10 +236,11 @@ def decode(str) | |||
| end | |||
|
|
|||
| def redirect_uri | |||
| return client_options.redirect_uri unless request.params['redirect_uri'] | |||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(request.params['redirect_uri']) }" | |||
| return client_options.redirect_uri unless params['redirect_uri'] | |||
| return client_options.redirect_uri unless request.params['redirect_uri'] | ||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(request.params['redirect_uri']) }" | ||
| return client_options.redirect_uri unless params['redirect_uri'] | ||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(params['redirect_uri']) }" |
There was a problem hiding this comment.
Space inside string interpolation detected.
| return client_options.redirect_uri unless request.params['redirect_uri'] | ||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(request.params['redirect_uri']) }" | ||
| return client_options.redirect_uri unless params['redirect_uri'] | ||
| "#{ client_options.redirect_uri }?redirect_uri=#{ CGI.escape(params['redirect_uri']) }" |
yannvery
force-pushed
the
authentication-params
branch
from
0e42206 to
f3e706a
Compare
|
Thanks for your feedback @m0n9oose. |
totally up to you. What about test? Is everything okay? |
|
It seems ok for me. |
m0n9oose
approved these changes
Feb 2, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello,
These params are allowed to be used during Authentication request.
Ref: http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
I removed the
login_hintoption, the param has to be dynamic. I don't understand why it should be declared as an option.Please let me know if I misunderstood something.