specialize URIValidator to validate redirect URIs

Author: masci

oauth2_provider/tests/test_validators.py

@@ -8,10 +8,12 @@
 
 class TestValidators(TestCase):
     def test_validate_good_uris(self):
-        good_urls = 'http://example.com/ http://example.it/?key=val'
+        good_urls = 'http://example.com/ http://example.it/?key=val http://example'
         # Check ValidationError not thrown
         validate_uris(good_urls)
 
     def test_validate_bad_uris(self):
-        bad_urls = 'http://example.com http://example'
-        self.assertRaises(ValidationError, validate_uris, bad_urls)
+        bad_url = 'http://example.com/#fragment'
+        self.assertRaises(ValidationError, validate_uris, bad_url)
+        bad_url = 'http:/example.com'
+        self.assertRaises(ValidationError, validate_uris, bad_url)

oauth2_provider/validators.py

@@ -40,10 +40,17 @@ def __call__(self, value):
             url = value
 
 
+class RedirectURIValidator(URIValidator):
+    def __call__(self, value):
+        super(RedirectURIValidator, self).__call__(value)
+        if len(value.split('#')) > 1:
+            raise ValidationError('Redirect URIs must not contain fragments')
+
+
 def validate_uris(value):
     """
     This validator ensures that `value` contains valid blank-separated urls"
     """
-    v = URIValidator()
+    v = RedirectURIValidator()
     for uri in value.split():
         v(uri)