2 files changed +38 -5 lines changed
lines changed Original file line number Diff line number Diff line change @@ -55,17 +55,17 @@ class AuthCallbackRequest {
5555 }
5656
5757 let requestUri = AuthCallbackRequest . fullUriFor ( req )
58-
5958 let issuer = AuthCallbackRequest . extractIssuer ( req )
59+ let returnToUrl = AuthCallbackRequest . extractReturnToUrl ( req . session )
6060
6161 let options = {
6262 issuer,
6363 requestUri,
6464 oidcManager,
6565 serverUri,
66+ returnToUrl,
6667 response : res ,
67- session : req . session ,
68- returnToUrl : req . session . returnToUrl
68+ session : req . session
6969 }
7070
7171 let request = new AuthCallbackRequest ( options )
@@ -96,6 +96,20 @@ class AuthCallbackRequest {
9696 return req . params && decodeURIComponent ( req . params . issuer_id )
9797 }
9898
99+ /**
100+ * Extracts the `returnToUrl` that was stored in session during the
101+ * SelectProviderRequest handling.
102+ *
103+ * @param session
104+ *
105+ * @returns {string|null }
106+ */
107+ static extractReturnToUrl ( session ) {
108+ const returnToUrl = session . returnToUrl
109+
110+ return returnToUrl ? decodeURIComponent ( returnToUrl ) : null
111+ }
112+
99113 validate ( ) {
100114 if ( ! this . issuer ) {
101115 let error = new Error ( 'Issuer id is missing from request params' )
@@ -158,6 +172,7 @@ class AuthCallbackRequest {
158172 this . debug ( ' Resuming workflow, redirecting to ' + this . returnToUrl )
159173
160174 delete this . session . returnToUrl
175+
161176 return this . response . redirect ( 302 , this . returnToUrl )
162177 }
163178}
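Review bot: The URL returned by `extractReturnToUrl()` is handed to `this.response.redirect(302, this.returnToUrl)` in the last hunk, and nothing visible in these hunks checks where it points. The docstring says the value was stored during SelectProviderRequest handling; if it originates from a request parameter there, it should be parsed and its origin compared with the origins the server is prepared to redirect to (for example `serverUri`) before the 302, otherwise the login flow can act as an open redirect. Separately, `decodeURIComponent` throws `URIError` on malformed percent-encoding, and a session written before this change presumably holds an unencoded URL that would now be decoded once too often; a guard such as `try { return decodeURIComponent(returnToUrl) } catch (e) { return null }` keeps a bad session value from failing the callback. The surrounding method bodies start and end outside the hunks, so a check may already exist elsewhere.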
@@ -77,7 +77,8 @@ describe('AuthCallbackRequest', () => {
7777
7878 let oidcManager = { }
7979 let host = { serverUri : 'https://example.com' }
80- let session = { returnToUrl : 'https://example.com/resource' }
80+ let returnToUrl = 'https://example.com/resource#hash'
81+ let session = { returnToUrl : encodeURIComponent ( returnToUrl ) }
8182
8283 let req = {
8384 session,
@@ -96,7 +97,24 @@ describe('AuthCallbackRequest', () => {
9697 expect ( request . oidcManager ) . to . equal ( oidcManager )
9798 expect ( request . response ) . to . equal ( res )
9899 expect ( request . session ) . to . equal ( session )
99- expect ( request . returnToUrl ) . to . equal ( session . returnToUrl )
100+ expect ( request . returnToUrl ) . to . equal ( returnToUrl )
101+ } )
102+ } )
103+
104+ describe ( 'static extractReturnToUrl()' , ( ) => {
105+ it ( 'should return null if no returnToUrl is present in session' , ( ) => {
106+ let session = { }
107+
108+ expect ( AuthCallbackRequest . extractReturnToUrl ( session ) )
109+ . to . be . null ( )
110+ } )
111+
112+ it ( 'should return a url-decoded returnToUrl from session' , ( ) => {
113+ let returnToUrl = 'https://example.com/resource#hash'
114+ let session = { returnToUrl : encodeURIComponent ( returnToUrl ) }
115+
116+ expect ( AuthCallbackRequest . extractReturnToUrl ( session ) )
117+ . to . equal ( returnToUrl )
100118 } )
101119 } )
102120
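Review bot: The new `static extractReturnToUrl()` cases cover only a missing value and a well-formed encoded value; nothing pins what happens when the session holds a string that is not valid percent-encoding or was stored unencoded. Adding a case such as `expect(() => AuthCallbackRequest.extractReturnToUrl({ returnToUrl: '%E0%A4%A' })).to.throw(URIError)` (constructed input), or the non-throwing equivalent if the method is hardened, would document that behaviour.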