Mirroristas/CommunitySolidServer
2
0
Fork 0
mirror of https://github.com/CommunitySolidServer/CommunitySolidServer.git synced 2024-10-03 14:55:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Throw error when trying to complete interaction out of session

Browse Source
This commit is contained in:
Joachim Van Herwegen 2021-08-13 11:36:20 +02:00
parent 634d2d92f1
commit cb227d6431
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/identity/IdentityProviderHttpHandler.ts
View File

@ -183,6 +183,13 @@ export class IdentityProviderHttpHandler extends HttpHandler {
} }
if (result.type === 'complete') { if (result.type === 'complete') {
if (!oidcInteraction) {
// Once https://github.com/solid/community-server/pull/898 is merged
// we want to assign an error code here to have a more thorough explanation
throw new BadRequestHttpError(
'This action can only be executed as part of an authentication flow. It should not be used directly.',
);
}
return await this.interactionCompleter.handleSafe({ ...result.details, request, response }); return await this.interactionCompleter.handleSafe({ ...result.details, request, response });
} }
if (result.type === 'response' && route.responseTemplate) { if (result.type === 'response' && route.responseTemplate) {

22
test/unit/identity/IdentityProviderHttpHandler.test.ts
View File

@ -113,12 +113,32 @@ describe('An IdentityProviderHttpHandler', (): void => {
); );
}); });
it('calls the interactionCompleter for InteractionCompleteResults.', async(): Promise<void> => { it('errors for InteractionCompleteResults if no oidcInteraction is defined.', async(): Promise<void> => {
request.url = '/idp/routeComplete'; request.url = '/idp/routeComplete';
request.method = 'POST'; request.method = 'POST';
errorHandler.handleSafe.mockResolvedValueOnce({ statusCode: 400 });
await expect(handler.handle({ request, response })).resolves.toBeUndefined(); await expect(handler.handle({ request, response })).resolves.toBeUndefined();
expect(routes.complete.handler.handleSafe).toHaveBeenCalledTimes(1); expect(routes.complete.handler.handleSafe).toHaveBeenCalledTimes(1);
expect(routes.complete.handler.handleSafe).toHaveBeenLastCalledWith({ request }); expect(routes.complete.handler.handleSafe).toHaveBeenLastCalledWith({ request });
expect(interactionCompleter.handleSafe).toHaveBeenCalledTimes(0);
const error = new BadRequestHttpError(
'This action can only be executed as part of an authentication flow. It should not be used directly.',
);
expect(errorHandler.handleSafe).toHaveBeenCalledTimes(1);
expect(errorHandler.handleSafe).toHaveBeenLastCalledWith({ error, preferences: { type: { 'text/plain': 1 }}});
expect(responseWriter.handleSafe).toHaveBeenCalledTimes(1);
expect(responseWriter.handleSafe).toHaveBeenLastCalledWith({ response, result: { statusCode: 400 }});
});
it('calls the interactionCompleter for InteractionCompleteResults.', async(): Promise<void> => {
request.url = '/idp/routeComplete';
request.method = 'POST';
const oidcInteraction = { session: { accountId: 'account' }} as any;
provider.interactionDetails.mockResolvedValueOnce(oidcInteraction);
await expect(handler.handle({ request, response })).resolves.toBeUndefined();
expect(routes.complete.handler.handleSafe).toHaveBeenCalledTimes(1);
expect(routes.complete.handler.handleSafe).toHaveBeenLastCalledWith({ request, oidcInteraction });
expect(interactionCompleter.handleSafe).toHaveBeenCalledTimes(1); expect(interactionCompleter.handleSafe).toHaveBeenCalledTimes(1);
expect(interactionCompleter.handleSafe).toHaveBeenLastCalledWith({ request, response, webId: 'webId' }); expect(interactionCompleter.handleSafe).toHaveBeenLastCalledWith({ request, response, webId: 'webId' });
}); });