Add unit test for redirect_uri validation

cicnavi · cicnavi · commit 80194ee0f6fc · 2025-02-26T10:55:57.000+01:00
diff --git a/src/Forms/ClientForm.php b/src/Forms/ClientForm.php
@@ -34,6 +34,8 @@ class ClientForm extends Form
 
     /**
      * RFC3986. AppendixB. Parsing a URI Reference with a Regular Expression.
+     * From v6.*, the regex was modified to allow URI without host, to support adding entries like
+     * `openid-credential-offer://`
      */
     final public const REGEX_URI = '/^[^:]+:\/\/?([^\s\/$.?#].[^\s]*)?$/';
 
diff --git a/tests/unit/src/Forms/ClientFormTest.php b/tests/unit/src/Forms/ClientFormTest.php
@@ -171,4 +171,36 @@ public function testSetDefaultsUnsetsAuthSourceIfNotValid(): void
 
         $this->assertNull($sut->getValues()['auth_source']);
     }
+
+    public static function redirectUriProvider(): array
+    {
+        return [
+            ['https', false],
+            ['https:', false],
+            ['example', false],
+            ['example.com', false],
+            ['example.com/?foo=bar', false],
+            ['www.example.com/?foo=bar', false],
+            ['https://example', true],
+            ['https://example.com', true],
+            ['https://example.com/', true],
+            ['https://example.com/foo', true],
+            ['https://example.com/foo?bar=1', true],
+
+            // To support OID4VCI
+            ['openid-credential-offer://', true],
+            ['foo://', true],
+            ['https://', true],
+        ];
+    }
+
+    #[DataProvider('redirectUriProvider')]
+    public function testCanValidateRedirectUri(string $url, bool $isValid): void
+    {
+        $sut = $this->sut();
+        $sut->setValues(['redirect_uri' => $url]);
+        $sut->validateRedirectUri($sut);
+
+        $this->assertEquals(!$isValid, $sut->hasErrors(), $url);
+    }
 }
