Merge pull request #55 from blatyo/allow-custom-redirect-uri

Allow RedirectURI to have a custom behaviour
danschultzer · Jun 11, 2019 · eb6f772 · eb6f772
2 parents fce1c4c + 0295f2c
commit eb6f772
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 6 deletions.
diff --git a/lib/ex_oauth2_provider/config.ex b/lib/ex_oauth2_provider/config.ex
@@ -79,6 +79,10 @@ defmodule ExOauth2Provider.Config do
     |> Kernel.++(get(config, :optional_scopes, []))
   end
 
+  @spec redirect_uri_match_fun(keyword()) :: function() | nil
+  def redirect_uri_match_fun(config),
+    do: get(config, :redirect_uri_match_fun)
+
   @spec native_redirect_uri(keyword()) :: binary()
   def native_redirect_uri(config),
     do: get(config, :native_redirect_uri, "urn:ietf:wg:oauth:2.0:oob")

diff --git a/lib/ex_oauth2_provider/redirect_uri.ex b/lib/ex_oauth2_provider/redirect_uri.ex
@@ -43,13 +43,17 @@ defmodule ExOauth2Provider.RedirectURI do
   @doc """
   Check if uri matches client uri
   """
-  @spec matches?(binary(), binary()) :: boolean()
-  def matches?(uri, client_uri) when is_binary(uri) and is_binary(client_uri) do
-    matches?(URI.parse(uri), URI.parse(client_uri))
+  @spec matches?(binary(), binary(), keyword()) :: boolean()
+  def matches?(uri, client_uri, config \\ [])
+  def matches?(uri, client_uri, config) when is_binary(uri) and is_binary(client_uri) do
+    matches?(URI.parse(uri), URI.parse(client_uri), config)
   end
-  @spec matches?(URI.t(), URI.t()) :: boolean()
-  def matches?(%URI{} = uri, %URI{} = client_uri) do
-    client_uri == %{uri | query: nil}
+  @spec matches?(URI.t(), URI.t(), keyword()) :: boolean()
+  def matches?(%URI{} = uri, %URI{} = client_uri, config) do
+    case Config.redirect_uri_match_fun(config) do
+      nil -> client_uri == %{uri | query: nil}
+      fun -> fun.(uri, client_uri, config)
+    end
   end
 
   @doc """

diff --git a/test/ex_oauth2_provider/redirect_uri_test.exs b/test/ex_oauth2_provider/redirect_uri_test.exs
@@ -42,11 +42,25 @@ defmodule ExOauth2Provider.RedirectURITest do
     assert RedirectURI.validate(uri, []) == {:ok, uri}
   end
 
+  test "validates wild card subdomain" do
+    uri = "https://*.app.co/"
+    assert RedirectURI.validate(uri, []) == {:ok, uri}
+  end
+
   test "matches?#true" do
     uri = "https://app.co/aaa"
     assert RedirectURI.matches?(uri, uri)
   end
 
+  test "matches?#true with custom match method" do
+    uri = "https://a.app.co/"
+    client_uri = "https://*.app.co/"
+
+    assert RedirectURI.matches?(uri, client_uri, redirect_uri_match_fun: fn uri, %{host: "*." <> host} = client_uri, _config ->
+      String.ends_with?(uri.host, host) && %{uri | query: nil} == %{client_uri | host: uri.host, authority: uri.authority}
+    end)
+  end
+
   test "matches?#true ignores query parameter on comparison" do
     assert RedirectURI.matches?("https://app.co/?query=hello", "https://app.co/")
   end