Fix redirection url sent by email during identity validation

pull/37/head
Clement Michaud 2017-06-01 22:08:20 +02:00
parent 3890c5b24d
commit b344db786a
3 changed files with 67 additions and 37 deletions


@ -122,7 +122,8 @@ export class IdentityValidator {
}) })
.then(function (token: string) { .then(function (token: string) {
const redirect_url = objectPath.get<express.Request, string>(req, "body.redirect"); const redirect_url = objectPath.get<express.Request, string>(req, "body.redirect");
const original_url = util.format("https://%s%s", req.headers.host, req.headers["x-original-uri"]); const original_uri = objectPath.get<express.Request, string>(req, "headers.x-original-uri", "");
const original_url = util.format("https://%s%s", req.headers.host, original_uri);
let link_url = util.format("%s?identity_token=%s", original_url, token); let link_url = util.format("%s?identity_token=%s", original_url, token);
if (redirect_url) { if (redirect_url) {
link_url = util.format("%s&redirect=%s", link_url, redirect_url); link_url = util.format("%s&redirect=%s", link_url, redirect_url);
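Review bot: The link mailed with the identity token is still assembled from request-supplied values: `original_url` takes its host from `req.headers.host` and its path from `x-original-uri`, and `redirect_url` from `body.redirect` is appended unencoded. Unless the reverse proxy in front of this handler overwrites both headers (not visible in this hunk), the emailed URL, and with it the token, can end up pointing at a host the server never intended, so the base should come from server-side configuration or be checked against a list of allowed hosts. The redirect parameter should at least be encoded, `link_url = util.format("%s&redirect=%s", link_url, encodeURIComponent(redirect_url));`. An `x-original-uri` that already carries a query string would also make the `?identity_token=` concatenation malformed. The enclosing `.then` callback starts and ends outside the hunk.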


@ -123,7 +123,12 @@ describe("test identity check process", function() {
handler(req, res); handler(req, res);
}); });
it("should issue a token, send an email and return 204", function(done) { describe("should issue a token, send an email and return 204", () => {
function contains(str: string, pattern: string): boolean {
return str.indexOf(pattern) > -1;
}
it("with x-original-uri", function(done) {
const endpoint = "/protected"; const endpoint = "/protected";
const identity = { userid: "user", email: "abc@example.com" }; const identity = { userid: "user", email: "abc@example.com" };
req.headers.host = "localhost"; req.headers.host = "localhost";
@ -135,6 +140,8 @@ describe("test identity check process", function() {
res.send = sinon.spy(function () { res.send = sinon.spy(function () {
assert.equal(res.status.getCall(0).args[0], 204); assert.equal(res.status.getCall(0).args[0], 204);
assert(notifier.notify.calledOnce); assert(notifier.notify.calledOnce);
console.log(notifier.notify.getCall(0).args[2]);
assert(contains(notifier.notify.getCall(0).args[2], "https://localhost/auth/test?identity_token="));
assert(userDataStore.issue_identity_check_token.calledOnce); assert(userDataStore.issue_identity_check_token.calledOnce);
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user"); assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000); assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
@ -143,6 +150,28 @@ describe("test identity check process", function() {
const handler = app_post.getCall(0).args[1]; const handler = app_post.getCall(0).args[1];
handler(req, res); handler(req, res);
}); });
it("without x-original-uri", function(done) {
const endpoint = "/protected";
const identity = { userid: "user", email: "abc@example.com" };
req.headers.host = "localhost";
identityValidable.preValidation.returns(Promise.resolve(identity));
IdentityValidator.IdentityValidator.setup(app, endpoint, identityValidable, userDataStore as any, winston);
res.send = sinon.spy(function () {
assert.equal(res.status.getCall(0).args[0], 204);
assert(notifier.notify.calledOnce);
assert(contains(notifier.notify.getCall(0).args[2], "https://localhost?identity_token="));
assert(userDataStore.issue_identity_check_token.calledOnce);
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[0], "user");
assert.equal(userDataStore.issue_identity_check_token.getCall(0).args[3], 240000);
done();
});
const handler = app_post.getCall(0).args[1];
handler(req, res);
});
});
} }
function test_get_handler() { function test_get_handler() {
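Review bot: `console.log(notifier.notify.getCall(0).args[2]);` in the "with x-original-uri" case looks like a debugging leftover and should be dropped; it prints the notification argument that carries the token link on every test run. The two new cases pin only the prefix of the mailed link (`https://localhost/auth/test?identity_token=` and `https://localhost?identity_token=`), so nothing checks how `body.redirect` ends up in the URL or what is mailed when `req.headers.host` is not the expected value. A case for each would fix the intended behaviour. The second expectation also documents that, without `x-original-uri`, the link targets the site root with no path, which is worth confirming as intended.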


@ -106,7 +106,7 @@ describe("test authentication token verification", function () {
return test_unauthorized({ first_factor: true }); return test_unauthorized({ first_factor: true });
}); });
it.only("should not be authenticated when domain is not allowed for user", function () { it("should not be authenticated when domain is not allowed for user", function () {
req.headers.host = "test.example.com"; req.headers.host = "test.example.com";
accessController.isDomainAllowedForUser.returns(false); accessController.isDomainAllowedForUser.returns(false);