allow URI.encoded urls as referer

dwyl · Apr 22, 2020 · 0113b18 · 0113b18
1 parent 6bd6187
commit 0113b18
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 7 deletions.
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
@@ -19,6 +19,7 @@ defmodule AuthWeb.AuthController do
   def google_handler(conn, %{"code" => code, "state" => state}) do
     IO.inspect(state, label: "state")
     {:ok, token} = ElixirAuthGoogle.get_token(code, conn)
+    IO.inspect(token, label: "token")
     {:ok, profile} = ElixirAuthGoogle.get_user_profile(token.access_token)
     IO.inspect(profile, label: "profile")
 
@@ -41,7 +42,7 @@ defmodule AuthWeb.AuthController do
   if the state is defined, redirect to it.
   """
   def handler(conn, person, state) do
-    IO.inspect(person, label: "person")
+    IO.inspect(person, label: "handler/3 > person")
     # Send welcome email:
     Auth.Email.sendemail(%{
       email: person.email,
@@ -51,7 +52,7 @@ defmodule AuthWeb.AuthController do
     |> IO.inspect(label: "email")
 
     # check if valid state (HTTP referer) is defined:
-    case not is_nil(state) and state =~ "//" do
+    case not is_nil(state) do
       # redirect
       true ->
         conn

diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
@@ -2,22 +2,25 @@ defmodule AuthWeb.AuthControllerTest do
   use AuthWeb.ConnCase
 
   test "github_handler/2 github auth callback", %{conn: conn} do
-    conn = get(conn, "/auth/github/callback", %{code: "123", state: "http://localhost/"})
+    conn = get(conn, "/auth/github/callback",
+      %{code: "123", state: "http://localhost/"})
     # assert html_response(conn, 200) =~ "[email protected]"
     assert html_response(conn, 302) =~ "http://localhost"
   end
 
   test "google_handler/2 for google auth callback", %{conn: conn} do
-    conn = get(conn, "/auth/google/callback", %{code: "234", state: "http://localhost/"})
+    conn = get(conn, "/auth/google/callback",
+      %{code: "234", state: "http://localhost/"})
 
     # assert html_response(conn, 200) =~ "[email protected]"
     assert html_response(conn, 302) =~ "http://localhost"
   end
 
-  test "google_handler/2 with invalid state", %{conn: conn} do
-    conn = get(conn, "/auth/google/callback", %{code: "234", state: "NY"})
+  test "google_handler/2 nil state", %{conn: conn} do
+    conn = get(conn, "/auth/google/callback",
+      %{code: "234", state: nil})
 
     assert html_response(conn, 200) =~ "[email protected]"
-    # assert html_response(conn, 302) =~ "http://localhost"
+    # assert html_response(conn, 302) =~ "redirected"
   end
 end