fix: removed the validation of incoming redirect_uri once the webauth…

… flow resumes back (#850)
auth0 · May 8, 2024 · c0f37e0 · c0f37e0
1 parent d2989c7
commit c0f37e0
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 10 deletions.
diff --git a/Auth0/LoginTransaction.swift b/Auth0/LoginTransaction.swift
@@ -38,8 +38,7 @@ class LoginTransaction: NSObject, AuthTransaction {
     }
 
     private func handleURL(_ url: URL) -> Bool {
-        guard url.absoluteString.lowercased().hasPrefix(self.redirectURL.absoluteString.lowercased()),
-              let components = URLComponents(url: url, resolvingAgainstBaseURL: true),
+        guard let components = URLComponents(url: url, resolvingAgainstBaseURL: true),
               case let items = self.handler.values(fromComponents: components),
               has(state: self.state, inItems: items) else {
             let error = WebAuthError(code: .unknown("Invalid callback URL: \(url.absoluteString)"))

diff --git a/Auth0Tests/LoginTransactionSpec.swift b/Auth0Tests/LoginTransactionSpec.swift
@@ -42,14 +42,6 @@ class LoginTransactionSpec: QuickSpec {
                     expect(transaction.userAgent).to(beNil())
                 }
 
-                it("should fail to handle url with invalid prefix") {
-                    let url = URL(string: "https://invalid.auth0.com/callback?code=\(code)&state=state")!
-                    let expectedError = WebAuthError(code: .unknown("Invalid callback URL: \(url.absoluteString)"))
-                    expect(transaction.resume(url)) == false
-                    expect(userAgent.result).to(haveWebAuthError(expectedError))
-                    expect(transaction.userAgent).to(beNil())
-                }
-
                 it("should fail to handle url without state") {
                     let url = URL(string: "https://samples.auth0.com/callback?code=\(code)")!
                     let expectedError = WebAuthError(code: .unknown("Invalid callback URL: \(url.absoluteString)"))