From 002eeb8dd36e1ff66f849848b442aa1af75263f1 Mon Sep 17 00:00:00 2001
From: Akhan Zhakiyanov
Date: Thu, 10 Jan 2019 22:20:05 +0800
Subject: [PATCH] Update validation log message for applications without logout permission
---
 .../OpenIddictServerProvider.Session.cs | 5 ++-
 .../OpenIddictServerProviderTests.Session.cs | 39 +++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs
index 8800e7a9..8566589c 100644
--- a/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs
+++ b/src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs
@@ -142,8 +142,9 @@ namespace OpenIddict.Server.Internal
 if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
 {
- _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
- "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
+ _logger.LogError("The logout request was rejected because no application with the specified " +
+ "post_logout_redirect_uri and with a logout endpoint permission was found: " +
+ "{PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
 context.Reject(
 error: OpenIddictConstants.Errors.InvalidRequest,
diff --git a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs
index 0ed3e8cc..c8dab4e3 100644
--- a/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs
+++ b/test/OpenIddict.Server.Tests/Internal/OpenIddictServerProviderTests.Session.cs
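Review bot: The new message asserts that no application "with a logout endpoint permission" was found, yet the test added in this same commit toggles `options.IgnoreEndpointPermissions` explicitly, which suggests that when that option is enabled the permission is presumably never consulted and this log line would then overstate the reason for the rejection. A wording that holds in both modes would be safer, e.g. `"The logout request was rejected because no application with the specified post_logout_redirect_uri " + "(and, when endpoint permissions are enforced, with a logout endpoint permission) was found: " + "{PostLogoutRedirectUri}."`. Keeping the detailed reason in the server log while the client only receives the generic `invalid_request` description (judging by the error_description the new test expects) is the right split, and the client-controlled URI should stay a structured `{PostLogoutRedirectUri}` placeholder rather than being interpolated into the message. The enclosing method and `ValidatePostLogoutRedirectUriAsync` both start outside the hunk.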
@@ -118,6 +118,45 @@ namespace OpenIddict.Server.Internal.Tests
 Mock.Get(manager).Verify(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny()), Times.Once());
 }
+ [Fact]
+ public async Task ValidateLogoutRequest_RequestIsRejectedWhenApplicationHasNoLogoutPermission()
+ {
+ // Arrange
+ var application = new OpenIddictApplication();
+
+ var manager = CreateApplicationManager(instance =>
+ {
+ instance.Setup(mock => mock.FindByPostLogoutRedirectUriAsync("http://www.fabrikam.com/path", It.IsAny()))
+ .ReturnsAsync(ImmutableArray.Create(application));
+
+ instance.Setup(mock => mock.HasPermissionAsync(application,
+ OpenIddictConstants.Permissions.Endpoints.Logout, It.IsAny()))
+ .ReturnsAsync(false);
+ });
+
+ var server = CreateAuthorizationServer(builder =>
+ {
+ builder.Services.AddSingleton(manager);
+
+ builder.Configure(options => options.IgnoreEndpointPermissions = false);
+ });
+
+ var client = new OpenIdConnectClient(server.CreateClient());
+
+ // Act
+ var response = await client.PostAsync(LogoutEndpoint, new OpenIdConnectRequest
+ {
+ PostLogoutRedirectUri = "http://www.fabrikam.com/path"
+ });
+
+ // Assert
+ Assert.Equal(OpenIddictConstants.Errors.InvalidRequest, response.Error);
+ Assert.Equal("The specified 'post_logout_redirect_uri' parameter is not valid.", response.ErrorDescription);
+
+ Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
+ OpenIddictConstants.Permissions.Endpoints.Logout, It.IsAny()), Times.Once());
+ }
+
 [Fact]
 public async Task HandleLogoutRequest_RequestIsPersistedInDistributedCache()
 {
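Review bot: The new test pins only the rejection path for a single application, and does not cover the mirror case the option name implies: with `options.IgnoreEndpointPermissions = true` the same request is presumably accepted and `HasPermissionAsync` is never consulted, so nothing currently guards against the permission gate being applied (or skipped) in the wrong mode. A companion fact that flips the option, reuses the same manager setup and verifies `Times.Never()` on `HasPermissionAsync` would lock the gate down in both directions; the `Assert.Null(response.Error)` below assumes an accepted logout response carries no `Error`, which should be confirmed against the existing success tests. It would also be worth verifying `FindByPostLogoutRedirectUriAsync` with `Times.Once()` here, as the preceding test does, so the test proves the lookup happened before the permission check rather than that the request was rejected for some other reason.
```csharp
[Fact]
public async Task ValidateLogoutRequest_RequestIsAcceptedWhenEndpointPermissionsAreIgnored()
{
    // … unchanged from the rejection test: application and manager setup …
    var server = CreateAuthorizationServer(builder =>
    {
        builder.Services.AddSingleton(manager);

        builder.Configure(options => options.IgnoreEndpointPermissions = true);
    });
    // … unchanged: client creation and the logout request …

    // Assert
    Assert.Null(response.Error);

    Mock.Get(manager).Verify(mock => mock.HasPermissionAsync(application,
        OpenIddictConstants.Permissions.Endpoints.Logout, It.IsAny<CancellationToken>()), Times.Never());
}
```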