From 0113b1864c5bec07d1f66615c0622dbe0dc132b0 Mon Sep 17 00:00:00 2001
From: nelsonic
Date: Wed, 22 Apr 2020 18:04:09 +0100
Subject: [PATCH] allow URI.encoded urls as referer
---
 lib/auth_web/controllers/auth_controller.ex | 5 +++--
 test/auth_web/controllers/auth_controller_test.exs | 13 ++++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/lib/auth_web/controllers/auth_controller.ex b/lib/auth_web/controllers/auth_controller.ex
index c4f7b0b3..1ca53cb8 100644
--- a/lib/auth_web/controllers/auth_controller.ex
+++ b/lib/auth_web/controllers/auth_controller.ex
@@ -19,6 +19,7 @@ defmodule AuthWeb.AuthController do
 def google_handler(conn, %{"code" => code, "state" => state}) do
 IO.inspect(state, label: "state")
 {:ok, token} = ElixirAuthGoogle.get_token(code, conn)
+ IO.inspect(token, label: "token")
 {:ok, profile} = ElixirAuthGoogle.get_user_profile(token.access_token)
 IO.inspect(profile, label: "profile")
@@ -41,7 +42,7 @@ defmodule AuthWeb.AuthController do
 if the state is defined, redirect to it.
 """
 def handler(conn, person, state) do
- IO.inspect(person, label: "person")
+ IO.inspect(person, label: "handler/3 > person")
 # Send welcome email:
 Auth.Email.sendemail(%{
 email: person.email,
@@ -51,7 +52,7 @@ defmodule AuthWeb.AuthController do
 |> IO.inspect(label: "email")
 # check if valid state (HTTP referer) is defined:
- case not is_nil(state) and state =~ "//" do
+ case not is_nil(state) do
 # redirect
 true ->
 conn
diff --git a/test/auth_web/controllers/auth_controller_test.exs b/test/auth_web/controllers/auth_controller_test.exs
index 49370689..51be2697 100644
--- a/test/auth_web/controllers/auth_controller_test.exs
+++ b/test/auth_web/controllers/auth_controller_test.exs
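Review bot: The added `IO.inspect(token, label: "token")` in `google_handler/2` prints the whole token response to standard output, including the `access_token` that the next line passes to `get_user_profile`, so the bearer credential ends up wherever the app's logs are collected and stays usable to anyone with log access until it expires. I would delete the line; if the shape is needed while debugging, print only non-secret structure, e.g. `IO.inspect(Map.keys(token), label: "token keys")`. The same concern applies, to a lesser degree, to `IO.inspect(person, label: "handler/3 > person")` in the second hunk, which prints the person record (at least `person.email`). Both function bodies continue outside their hunks.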
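Review bot: Dropping `state =~ "//"` from the `case` in `handler/3` leaves `not is_nil(state)` as the only gate, so an empty string or any caller-supplied value in the callback's `state` parameter now takes the `true ->` redirect branch. The redirect call itself is outside the hunk, but the docstring says the handler redirects to `state`, which would make this an open redirect immediately after sign-in. To accept encoded referers without losing the check, decode first and validate the result, e.g. `uri = URI.parse(URI.decode(state))` followed by `case uri.scheme in ["http", "https"] and uri.host in allowed_hosts do`, where `allowed_hosts` is a placeholder for the app's configured list of approved origins. `URI.decode/1` raises on malformed percent-encoding, so the decode needs a guard for non-binary and malformed input.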
@@ -2,22 +2,25 @@ defmodule AuthWeb.AuthControllerTest do
 use AuthWeb.ConnCase
 test "github_handler/2 github auth callback", %{conn: conn} do
- conn = get(conn, "/auth/github/callback", %{code: "123", state: "http://localhost/"})
+ conn = get(conn, "/auth/github/callback",
+ %{code: "123", state: "http://localhost/"})
 # assert html_response(conn, 200) =~ "test@gmail.com"
 assert html_response(conn, 302) =~ "http://localhost"
 end
 test "google_handler/2 for google auth callback", %{conn: conn} do
- conn = get(conn, "/auth/google/callback", %{code: "234", state: "http://localhost/"})
+ conn = get(conn, "/auth/google/callback",
+ %{code: "234", state: "http://localhost/"})
 # assert html_response(conn, 200) =~ "nelson@gmail.com"
 assert html_response(conn, 302) =~ "http://localhost"
 end
- test "google_handler/2 with invalid state", %{conn: conn} do
- conn = get(conn, "/auth/google/callback", %{code: "234", state: "NY"})
+ test "google_handler/2 nil state", %{conn: conn} do
+ conn = get(conn, "/auth/google/callback",
+ %{code: "234", state: nil})
 assert html_response(conn, 200) =~ "nelson@gmail.com"
- # assert html_response(conn, 302) =~ "http://localhost"
+ # assert html_response(conn, 302) =~ "redirected"
 end
 end
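Review bot: The only negative case for `state` is gone: `"google_handler/2 with invalid state"`, which sent `state: "NY"`, is replaced by a `nil` case, so nothing in this file now exercises a non-nil `state` that is not an approved URL. With the controller change in this commit such a value would be expected to take the redirect branch, and no test would notice. I would keep the nil test and add back a case like `conn = get(conn, "/auth/google/callback", %{code: "234", state: "NY"})` asserting a 200 render, plus one with an off-site URL asserting that the response does not redirect there. The commented-out `# assert html_response(conn, 302) =~ "redirected"` could then be deleted rather than carried along.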