Change error message for unregistered redirect URIs to specify provided URI.

Author: Potherca

solid/lib/Controller/ServerController.php

@@ -23,6 +23,7 @@ class ServerController extends Controller
 {
 	use DpopFactoryTrait;
 
+	public const ERROR_UNREGISTERED_URI = 'Provided redirect URI "%s" does not match any registered URIs';
 	private $userId;
 
 	/* @var IUserManager */
@@ -229,13 +230,12 @@ public function authorize() {
 			$redirectUris = $clientRegistration['redirect_uris'];
 
 			$validRedirectUris = array_filter($redirectUris, function ($uri) use ($redirectUri) {
-				// @CHECKME: Does either URI need to be normalized when it is a URL?
-				//           For instance, anchors `#` or query parameters `?`
 				return $uri === $redirectUri;
 			});
 
 			if (count($validRedirectUris) === 0) {
-				return new JSONResponse('Provided redirect URI does not match any registered URIs', Http::STATUS_BAD_REQUEST);
+				$message = vsprintf(self::ERROR_UNREGISTERED_URI, [$redirectUri]);
+				return new JSONResponse($message, Http::STATUS_BAD_REQUEST);
 			}
 		}
 

solid/tests/Unit/Controller/ServerControllerTest.php

@@ -195,7 +195,7 @@ public function testAuthorizeWithInvalidRedirectUri()
 		$response = $controller->authorize();
 
 		$expected = [
-			'data' => 'Provided redirect URI does not match any registered URIs',
+			'data' => vsprintf($controller::ERROR_UNREGISTERED_URI, [$_GET['redirect_uri']]),
 			'headers' => [
 				'Cache-Control' => 'no-cache, no-store, must-revalidate',
 				'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'",