Add AbpStrictRedirectUriValidator_Tests

5 years ago · 17a24a2a7f
4 changed files with 100 additions and 53 deletions
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs
@ -6,11 +6,11 @@ namespace Volo.Abp.IdentityServer
 {
    public static class AbpIdentityServerServiceCollectionExtensions
    {
-        public static void AddAbpStrictRedirectUriValidator(this IServiceCollection services, string domainFormat)
+        public static void AddAbpStrictRedirectUriValidator(this IServiceCollection services, params string[] domainFormats)
        {
            services.Configure<AbpRedirectUriValidatorOptions>(options =>
            {
-                options.DomainFormat = domainFormat;
+                options.DomainFormats.AddRange(domainFormats);
            });

            services.Replace(ServiceDescriptor.Transient<IRedirectUriValidator, AbpStrictRedirectUriValidator>());
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpRedirectUriValidatorOptions.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpRedirectUriValidatorOptions.cs
@ -1,7 +1,14 @@
-namespace Volo.Abp.IdentityServer
+using System.Collections.Generic;
+
+namespace Volo.Abp.IdentityServer
 {
    public class AbpRedirectUriValidatorOptions
    {
-        public string DomainFormat { get; set; }
+        public List<string> DomainFormats { get; }
+
+        public AbpRedirectUriValidatorOptions()
+        {
+            DomainFormats = new List<string>();
+        }
    }
 }
--- a/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs
+++ b/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs
@ -1,5 +1,5 @@
-using System;
-using System.Collections.Generic;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
@ -8,11 +8,7 @@ using Volo.Abp.Text.Formatting;

 namespace Volo.Abp.IdentityServer
 {
-    /// <summary>
-    /// Default implementation of redirect URI validator. Validates the URIs against
-    /// the client's configured URIs.
-    /// </summary>
-    public class AbpStrictRedirectUriValidator : IRedirectUriValidator
+    public class AbpStrictRedirectUriValidator : StrictRedirectUriValidator
    {
        protected AbpRedirectUriValidatorOptions Options { get; }

@ -21,63 +17,38 @@ namespace Volo.Abp.IdentityServer
            Options = options.Value;
        }

-        /// <summary>
-        /// Checks if a given URI string is in a collection of strings (using ordinal ignore case comparison)
-        /// </summary>
-        /// <param name="uris">The uris.</param>
-        /// <param name="requestedUri">The requested URI.</param>
-        /// <returns></returns>
-        protected virtual bool StringCollectionContainsString(IEnumerable<string> uris, string requestedUri)
+        public override async Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
+        {
+            var isAllowed = await base.IsRedirectUriValidAsync(requestedUri, client);
+            return isAllowed || await IsRedirectUriValidWithDomainFormatsAsync(client.RedirectUris, requestedUri);
+        }
+
+        public override async Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
+        {
+            var isAllowed = await base.IsPostLogoutRedirectUriValidAsync(requestedUri, client);
+            return isAllowed || await IsRedirectUriValidWithDomainFormatsAsync(client.PostLogoutRedirectUris, requestedUri);
+        }
+
+        protected virtual Task<bool> IsRedirectUriValidWithDomainFormatsAsync(IEnumerable<string> uris, string requestedUri)
        {
            if (uris == null)
            {
-                return false;
+                return Task.FromResult(false);
            }

            foreach (var url in uris)
            {
-                if (url.Contains(requestedUri, StringComparison.OrdinalIgnoreCase))
-                {
-                    return true;
-                }
-
-                if (url.Contains(Options.DomainFormat))
+                if (Options.DomainFormats.Any(x => url.Contains(x)))
                {
                    var extractResult = FormattedStringValueExtracter.Extract(requestedUri, url, ignoreCase: true);
                    if (extractResult.IsMatch)
                    {
-                        return true;
+                        return Task.FromResult(true);
                    }
                }
            }

-            return false;
-        }
-
-        /// <summary>
-        /// Determines whether a redirect URI is valid for a client.
-        /// </summary>
-        /// <param name="requestedUri">The requested URI.</param>
-        /// <param name="client">The client.</param>
-        /// <returns>
-        ///   <c>true</c> is the URI is valid; <c>false</c> otherwise.
-        /// </returns>
-        public virtual Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client)
-        {
-            return Task.FromResult(StringCollectionContainsString(client.RedirectUris, requestedUri));
-        }
-
-        /// <summary>
-        /// Determines whether a post logout URI is valid for a client.
-        /// </summary>
-        /// <param name="requestedUri">The requested URI.</param>
-        /// <param name="client">The client.</param>
-        /// <returns>
-        ///   <c>true</c> is the URI is valid; <c>false</c> otherwise.
-        /// </returns>
-        public virtual Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client)
-        {
-            return Task.FromResult(StringCollectionContainsString(client.PostLogoutRedirectUris, requestedUri));
+            return Task.FromResult(false);
        }
    }
 }
--- a/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs
+++ b/modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs
@ -0,0 +1,69 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using IdentityServer4.Validation;
+using Microsoft.Extensions.DependencyInjection;
+using Shouldly;
+using Xunit;
+
+namespace Volo.Abp.IdentityServer
+{
+    public class AbpStrictRedirectUriValidator_Tests : AbpIdentityServerTestBase
+    {
+        private readonly IRedirectUriValidator _abpStrictRedirectUriValidator;
+
+        private readonly Client _testClient = new Client
+        {
+            RedirectUris = new List<string>
+            {
+                "https://{0}.api.abp.io:8080/signin-oidc",
+                "http://{0}.ng.abp.io/index.html"
+            },
+            PostLogoutRedirectUris = new List<string>
+            {
+                "https://{0}.api.abp.io:8080/signin-oidc",
+                "http://{0}.ng.abp.io/index.html"
+            }
+        };
+
+        public AbpStrictRedirectUriValidator_Tests()
+        {
+            _abpStrictRedirectUriValidator = GetRequiredService<IRedirectUriValidator>();
+        }
+
+        protected override void AfterAddApplication(IServiceCollection services)
+        {
+            services.AddAbpStrictRedirectUriValidator("{0}.api.abp.io:8080/signin-oidc", "{0}.ng.abp.io/index.html");
+        }
+
+        [Fact]
+        public void Should_Register_AbpStrictRedirectUriValidator()
+        {
+            _abpStrictRedirectUriValidator.GetType().ShouldBe(typeof(AbpStrictRedirectUriValidator));
+        }
+
+        [Fact]
+        public async Task IsRedirectUriValidAsync()
+        {
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue();
+
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
+        }
+
+        [Fact]
+        public async Task IsPostLogoutRedirectUriValidAsync()
+        {
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue();
+
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
+        }
+    }
+}