Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure state set correctly when set via parameters #77

Merged
merged 3 commits into from
Dec 27, 2016
Merged

Ensure state set correctly when set via parameters #77

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4144733
Ensure state set correctly when set via parameters
cocojoe Dec 21, 2016
2df84f6
Improve state handling and add more tests
hzalaz Dec 22, 2016
eab7536
Make SafariWebAuth generate the state on each start
hzalaz Dec 22, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 7 additions & 6 deletions Auth0/SafariWebAuth.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,6 @@ class SafariWebAuth: WebAuth {
let presenter: ControllerModalPresenter
let storage: SessionStorage
var logger: Logger?
var state = generateDefaultState()
var parameters: [String: String] = [:]
var universalLink = false
var responseType: [ResponseType] = [.code]
Expand Down Expand Up @@ -68,7 +67,7 @@ class SafariWebAuth: WebAuth {
}

func state(_ state: String) -> Self {
self.state = state
self.parameters["state"] = state
return self
}

Expand Down Expand Up @@ -107,9 +106,11 @@ class SafariWebAuth: WebAuth {
guard self.nonce != nil else { return callback(Result.failure(error: WebAuthError.noNonceProvided)) }
}
let handler = self.handler(redirectURL)
let authorizeURL = self.buildAuthorizeURL(withRedirectURL: redirectURL, defaults: handler.defaults)
let state = self.parameters["state"] ?? generateDefaultState()
let authorizeURL = self.buildAuthorizeURL(withRedirectURL: redirectURL, defaults: handler.defaults, state: state)
let (controller, finish) = newSafari(authorizeURL, callback: callback)
let session = SafariSession(controller: controller, redirectURL: redirectURL, state: self.state, handler: handler, finish: finish, logger: self.logger)

let session = SafariSession(controller: controller, redirectURL: redirectURL, state: state, handler: handler, finish: finish, logger: self.logger)
controller.delegate = session
logger?.trace(url: authorizeURL, source: "Safari")
self.presenter.present(controller)
Expand Down Expand Up @@ -138,15 +139,15 @@ class SafariWebAuth: WebAuth {
return (controller, finish)
}

func buildAuthorizeURL(withRedirectURL redirectURL: URL, defaults: [String: String]) -> URL {
func buildAuthorizeURL(withRedirectURL redirectURL: URL, defaults: [String: String], state: String?) -> URL {
let authorize = URL(string: "/authorize", relativeTo: self.url)!
var components = URLComponents(url: authorize, resolvingAgainstBaseURL: true)!
var items: [URLQueryItem] = []
var entries = defaults
entries["client_id"] = self.clientId
entries["redirect_uri"] = redirectURL.absoluteString
entries["scope"] = "openid"
entries["state"] = self.state
entries["state"] = state
entries["response_type"] = self.responseType.map { $0.label! }.joined(separator: " ")
if self.responseType.contains(.idToken) {
entries["nonce"] = self.nonce
Expand Down
2 changes: 1 addition & 1 deletion Auth0/SessionStorage.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ import UIKit
class SessionStorage {
static let sharedInstance = SessionStorage()

fileprivate var current: OAuth2Session? = nil
private(set) var current: OAuth2Session? = nil

func resume(_ url: URL, options: [UIApplicationOpenURLOptionsKey: Any]) -> Bool {
let resumed = self.current?.resume(url, options: options) ?? false
Expand Down
72 changes: 57 additions & 15 deletions Auth0Tests/WebAuthSpec.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ class WebAuthSpec: QuickSpec {
itBehavesLike(ValidAuthorizeURLExample) {
return [
"url": newWebAuth()
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(),
]
Expand All @@ -101,7 +101,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.connection("facebook")
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["connection": "facebook"]),
]
Expand All @@ -111,7 +111,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.scope("openid email")
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["scope": "openid email"]),
]
Expand All @@ -122,24 +122,24 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.parameters(["state": state])
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["state": state]),
]
}

it("should override default values") {
let auth = newWebAuth()
let state = auth.state!
let url = auth.parameters(["state": "value"]).buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults)
expect(url.a0_components?.queryItems).toNot(containItem(withName: "state", value: state))
let url = newWebAuth()
.parameters(["scope": "openid email phone"])
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state")
expect(url.a0_components?.queryItems).toNot(containItem(withName: "scope", value: "openid"))
}

itBehavesLike(ValidAuthorizeURLExample) {
return [
"url": newWebAuth()
.responseType([.idToken])
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["response_type": "id_token"]),
]
Expand All @@ -149,7 +149,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.responseType([.token])
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["response_type": "token"]),
]
Expand All @@ -159,7 +159,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.responseType([.idToken, .token])
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["response_type": "id_token token"]),
]
Expand All @@ -170,7 +170,7 @@ class WebAuthSpec: QuickSpec {
"url": newWebAuth()
.responseType([.idToken])
.nonce("abc1234")
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["nonce": "abc1234", "response_type" : "id_token"]),
]
Expand All @@ -180,7 +180,7 @@ class WebAuthSpec: QuickSpec {
var newDefaults = defaults
newDefaults["audience"] = "https://wwww.google.com"
return [
"url": newWebAuth().buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: newDefaults),
"url": newWebAuth().buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: newDefaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["audience": "https://wwww.google.com"]),
]
Expand All @@ -192,7 +192,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.audience("https://domain.auth0.com")
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: newDefaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: newDefaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["audience": "https://domain.auth0.com"]),
]
Expand All @@ -202,7 +202,7 @@ class WebAuthSpec: QuickSpec {
return [
"url": newWebAuth()
.audience("https://domain.auth0.com")
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults),
.buildAuthorizeURL(withRedirectURL: RedirectURL, defaults: defaults, state: "state"),
"domain": Domain,
"query": defaultQuery(withParameters: ["audience": "https://domain.auth0.com"]),
]
Expand All @@ -224,6 +224,48 @@ class WebAuthSpec: QuickSpec {
}


describe("session") {
let storage = SessionStorage.sharedInstance

beforeEach {
if let current = storage.current {
storage.cancel(current)
}
}

it("should save started session") {
newWebAuth().start({ _ in})
expect(storage.current).toNot(beNil())
}

it("should hava a generated state") {
let auth = newWebAuth()
auth.start({ _ in})
expect(storage.current?.state).toNot(beNil())
}

it("should honor supplied state") {
let state = UUID().uuidString
newWebAuth().state(state).start({ _ in})
expect(storage.current?.state) == state
}

it("should honor supplied state via parameters") {
let state = UUID().uuidString
newWebAuth().parameters(["state": state]).start({ _ in})
expect(storage.current?.state) == state
}

it("should hava generate on start different states") {
let auth = newWebAuth()
auth.start({ _ in})
let state = storage.current?.state
auth.start({ _ in})
expect(storage.current?.state) != state
}

}

describe("safari") {

var result: Result<Credentials>?
Expand Down