diff --git a/app/lib/three_scale/oauth2/keycloak_client.rb b/app/lib/three_scale/oauth2/keycloak_client.rb
index af57dce454..44e08387c7 100644
--- a/app/lib/three_scale/oauth2/keycloak_client.rb
+++ b/app/lib/three_scale/oauth2/keycloak_client.rb
@@ -51,7 +51,7 @@ def scopes
 class RedirectUri
- NOT_ALLOWED_PARAMS = %w[code].freeze
+ NOT_ALLOWED_PARAMS = %w[code iss].freeze
 def self.call(request)
 new(request).call
diff --git a/app/lib/three_scale/oauth2/redhat_customer_portal_client.rb b/app/lib/three_scale/oauth2/redhat_customer_portal_client.rb
index 06b83339e3..bbe8335715 100644
--- a/app/lib/three_scale/oauth2/redhat_customer_portal_client.rb
+++ b/app/lib/three_scale/oauth2/redhat_customer_portal_client.rb
@@ -66,7 +66,7 @@ def access_token_error_data
 class RedirectUri < ThreeScale::OAuth2::ClientBase::CallbackUrl
- PARAMS_NOT_ALLOWED = %i[code action controller].freeze
+ PARAMS_NOT_ALLOWED = %i[code action controller iss].freeze
 def self.call(client, request)
 new(client, request).call
diff --git a/test/unit/three_scale/oauth2/keycloak_client_test.rb b/test/unit/three_scale/oauth2/keycloak_client_test.rb
index 2bf0db78f4..2c94f77396 100644
--- a/test/unit/three_scale/oauth2/keycloak_client_test.rb
+++ b/test/unit/three_scale/oauth2/keycloak_client_test.rb
@@ -25,13 +25,14 @@ class ThreeScale::OAuth2::KeycloakClientTest < ActiveSupport::TestCase
 end
 test '#authenticate_options' do
+ query_string = 'foo=bar&code=123456&iss=http%3A%2F%2Fkeycloak.example.com%2Frealms%2Ftest'
 env = {
 'HTTP_HOST' => 'example.net',
- 'QUERY_STRING' => 'foo=bar&code=123456',
+ 'QUERY_STRING' => query_string,
 'PATH_INFO' => '/path'
 }
 request = ActionDispatch::TestRequest.create env
- request.request_uri = 'http://example.net/path?foo=bar&code=123456'
+ request.request_uri = "http://example.net/path?#{query_string}"
 options = @oauth2.authenticate_options(request)
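Review bot: Adding `iss` to `NOT_ALLOWED_PARAMS` fixes the immediate breakage but keeps a reactive denylist: `iss` is just the newest parameter the authorization server echoes into the authorization response (RFC 9207 issuer identification), and any other response parameter (`state`, `session_state`, `error`, `error_description`, or whatever a future provider release adds) will again be copied into the `redirect_uri` handed to the token endpoint, where RFC 6749 §4.1.3 requires a byte-identical match with the value used in the authorization request. The durable shape is an allowlist of the query parameters this application itself appends to its callback URL, dropping everything else; the code that applies the filter is outside this hunk, so I cannot quote the exact rewrite. At minimum the constant should say why these names are stripped, e.g. `# Parameters the IdP appends to the authorization response; replaying them in redirect_uri breaks the token endpoint's exact-match check.` The `RedirectUri` class body continues past the end of the hunk.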
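Review bot: `PARAMS_NOT_ALLOWED` here and `NOT_ALLOWED_PARAMS` in keycloak_client.rb are two parallel denylists with different names and element types (`%i` symbols vs `%w` strings), and this very commit had to remember to patch both — the next IdP-side parameter will be forgotten in one of them. Since this class already inherits from `ThreeScale::OAuth2::ClientBase::CallbackUrl` (visible on the context line), the IdP-response names (`code`, `iss`) look like they belong in one shared constant on that base class, with this subclass adding only its routing-specific `action controller`; I cannot see the base class, so confirm it has no such constant already. A one-line comment distinguishing the two groups would help either way: `# code/iss come back from the IdP; action/controller are Rails routing params — none belong in redirect_uri`. The `RedirectUri` class body continues past the end of the hunk.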
diff --git a/test/unit/three_scale/oauth2/redhat_customer_portal_client_test.rb b/test/unit/three_scale/oauth2/redhat_customer_portal_client_test.rb
index a78ab8b82b..b9511c75e3 100644
--- a/test/unit/three_scale/oauth2/redhat_customer_portal_client_test.rb
+++ b/test/unit/three_scale/oauth2/redhat_customer_portal_client_test.rb
@@ -4,6 +4,7 @@ class ThreeScale::OAuth2::RedhatCustomerPortalClientTest < ActiveSupport::TestCase
 setup do
+ @master_account = FactoryBot.create(:master_account)
 @authentication_provider = FactoryBot.build_stubbed(:authentication_provider)
 @authentication = ThreeScale::OAuth2::Client.build_authentication(@authentication_provider)
 @oauth2 = ThreeScale::OAuth2::RedhatCustomerPortalClient.new(@authentication)
@@ -25,9 +26,19 @@ class ThreeScale::OAuth2::RedhatCustomerPortalClientTest < ActiveSupport::TestCa
 end
 test '#authenticate_options' do
- request = ActionDispatch::TestRequest.create
- ThreeScale::OAuth2::RedhatCustomerPortalClient::RedirectUri.expects(:call).with(@oauth2, request)
- @oauth2.authenticate_options(request)
+ domain = 'example.net'
+ query_string = 'session_state=foobar&code=123456&iss=http%3A%2F%2Fkeycloak.example.com%2Frealms%2Ftest'
+ env = {
+ 'HTTP_HOST' => domain,
+ 'QUERY_STRING' => query_string,
+ 'PATH_INFO' => '/path'
+ }
+ request = ActionDispatch::TestRequest.create env
+ request.request_uri = "http://example.net/path?#{query_string}"
+
+ options = @oauth2.authenticate_options(request)
+
+ assert_equal({ redirect_uri: "http://#{@master_account.self_domain}/auth/#{@authentication_provider.system_name}/callback?self_domain=#{domain}&session_state=foobar" }, options)
 end
 test '#user_data' do
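Review bot: The new `assert_equal` pins that the IdP-supplied `session_state=foobar` survives into `redirect_uri`, which is the same class of problem the commit fixes for `iss`: `session_state` is a parameter Keycloak/RH-SSO appends to the authorization response, not something this application put in its callback URL, so if the token endpoint compares `redirect_uri` exactly (RFC 6749 §4.1.3) the exchange will fail once that parameter is present. Unless the test is deliberately documenting that `session_state` is needed downstream, I would add it (and `state`) to `PARAMS_NOT_ALLOWED` and change the expectation to end at `callback?self_domain=#{domain}"`. If the pass-through is intentional, say so next to the assertion: `# session_state is intentionally preserved in redirect_uri — TODO confirm the token endpoint tolerates it`. The replaced mock-based test at least asserted `RedirectUri.call` was invoked; the new test covers the end-to-end value instead, which is the better check, so no objection there.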