fix(sdk): fix handleAuthorizationResponse rel URL

Support passing relative URLs for `#handleAuthorizationResponse()` on Node.JS.
Mermaid-Chart · Nov 21, 2023 · 4702422 · 4702422
1 parent 99cad29
commit 4702422
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/packages/sdk/CHANGELOG.md b/packages/sdk/CHANGELOG.md
@@ -9,6 +9,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Compile an ESM version of this codebase for Node.JS v18.
 
-## [0.1.1] - 2023-09-08
+### Fixed
+
+- `MermaidChart#handleAuthorizationResponse()` now supports relative URLs.
 
+## [0.1.1] - 2023-09-08
 - Browser-only build.
diff --git a/packages/sdk/src/index.test.ts b/packages/sdk/src/index.test.ts
@@ -61,5 +61,20 @@ describe('MermaidChart', () => {
         ),
       ).rejects.toThrowError('invalid_state');
     });
+
+    it('should throw with nicer error if URL has no query params', async () => {
+      await expect(() =>
+        client.handleAuthorizationResponse(
+          // missing the ? so it's not read as a query
+          'code=hello-world&state=my-invalid-state',
+        ),
+      ).rejects.toThrowError(/no query parameters/);
+    });
+
+    it('should work in Node.JS with url fragment', async () => {
+      const code = 'hello-nodejs-world';
+      await client.handleAuthorizationResponse(`?code=${code}&state=${state}`);
+      await expect(client.getAccessToken()).resolves.toBe('test-example-access_token');
+    });
   });
 });
diff --git a/packages/sdk/src/index.ts b/packages/sdk/src/index.ts
@@ -100,12 +100,20 @@ export class MermaidChart {
     };
   }
 
+  /**
+   * Handle authorization response.
+   *
+   * @param urlString - URL, only the query string is required (e.g. `?code=xxxx&state=xxxxx`)
+   */
   public async handleAuthorizationResponse(urlString: string) {
-    const url = new URL(urlString);
+    const url = new URL(urlString, 'https://dummy.invalid');
     const state = url.searchParams.get('state') ?? undefined;
     const authorizationToken = url.searchParams.get('code');
 
     if (!authorizationToken) {
+      if (url.searchParams.size === 0) {
+        throw new Error(`URL ${JSON.stringify(urlString)} has no query parameters.`);
+      }
       throw new RequiredParameterMissingError('token');
     }
     if (!state) {