Remove encoding/decoding of returnToUrl.

Author: dmitrizagidulin

src/handlers/auth-callback-request.js

@@ -56,14 +56,13 @@ class AuthCallbackRequest {
 
     let requestUri = AuthCallbackRequest.fullUriFor(req)
     let issuer = AuthCallbackRequest.extractIssuer(req)
-    let returnToUrl = AuthCallbackRequest.extractReturnToUrl(req.session)
 
     let options = {
       issuer,
       requestUri,
       oidcManager,
       serverUri,
-      returnToUrl,
+      returnToUrl: req.session.returnToUrl,
       response: res,
       session: req.session
     }
@@ -96,20 +95,6 @@ class AuthCallbackRequest {
     return req.params && decodeURIComponent(req.params.issuer_id)
   }
 
-  /**
-   * Extracts the `returnToUrl` that was stored in session during the
-   * SelectProviderRequest handling.
-   *
-   * @param session
-   *
-   * @returns {string|null}
-   */
-  static extractReturnToUrl (session) {
-    const returnToUrl = session.returnToUrl
-
-    return returnToUrl ? decodeURIComponent(returnToUrl) : null
-  }
-
   validate () {
     if (!this.issuer) {
       let error = new Error('Issuer id is missing from request params')

src/handlers/select-provider-request.js

@@ -12,7 +12,7 @@ class SelectProviderRequest {
    * @param [options.oidcManager] {OidcManager}
    * @param [options.response] {HttpResponse}
    * @param [options.serverUri] {string}
-   * @param [options.returnToUrl] {string} Encoded url of the original resource
+   * @param [options.returnToUrl] {string} Url of the original resource
    *   a client was trying to access before being redirected to select provider
    */
   constructor (options) {

test/unit/auth-callback-request.js

@@ -78,7 +78,7 @@ describe('AuthCallbackRequest', () => {
       let oidcManager = {}
       let host = { serverUri: 'https://example.com' }
       let returnToUrl = 'https://example.com/resource#hash'
-      let session = { returnToUrl: encodeURIComponent(returnToUrl) }
+      let session = { returnToUrl }
 
       let req = {
         session,
@@ -101,23 +101,6 @@ describe('AuthCallbackRequest', () => {
     })
   })
 
-  describe('static extractReturnToUrl()', () => {
-    it('should return null if no returnToUrl is present in session', () => {
-      let session = {}
-
-      expect(AuthCallbackRequest.extractReturnToUrl(session))
-        .to.be.null()
-    })
-
-    it('should return a url-decoded returnToUrl from session', () => {
-      let returnToUrl = 'https://example.com/resource#hash'
-      let session = { returnToUrl: encodeURIComponent(returnToUrl) }
-
-      expect(AuthCallbackRequest.extractReturnToUrl(session))
-        .to.equal(returnToUrl)
-    })
-  })
-
   describe('validate()', () => {
     it('should throw an error if issuer param is missing', () => {
       let request = new AuthCallbackRequest({ issuer: 'https://example.com' })