Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
Y
yii2
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
PSDI Army
yii2
Commits
243f0134
Commit
243f0134
authored
May 30, 2014
by
Klimov Paul
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
OpenId return URL comparison advanced to prevent url encode problem
parent
d7a251bb
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
95 additions
and
1 deletion
+95
-1
CHANGELOG.md
extensions/authclient/CHANGELOG.md
+1
-0
OpenId.php
extensions/authclient/OpenId.php
+26
-1
OpenIdTest.php
tests/unit/extensions/authclient/OpenIdTest.php
+68
-0
No files found.
extensions/authclient/CHANGELOG.md
View file @
243f0134
...
@@ -4,6 +4,7 @@ Yii Framework 2 authclient extension Change Log
...
@@ -4,6 +4,7 @@ Yii Framework 2 authclient extension Change Log
2.
0.0-rc under development
2.
0.0-rc under development
--------------------------
--------------------------
-
Bug #3633: OpenId return URL comparison advanced to prevent url encode problem (klimov-paul)
-
Enh #3416: VKontakte OAuth support added (klimov-paul)
-
Enh #3416: VKontakte OAuth support added (klimov-paul)
...
...
extensions/authclient/OpenId.php
View file @
243f0134
...
@@ -809,7 +809,7 @@ class OpenId extends BaseClient implements ClientInterface
...
@@ -809,7 +809,7 @@ class OpenId extends BaseClient implements ClientInterface
$this
->
returnUrl
.=
(
strpos
(
$this
->
returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$claimedId
;
$this
->
returnUrl
.=
(
strpos
(
$this
->
returnUrl
,
'?'
)
?
'&'
:
'?'
)
.
'openid.claimed_id='
.
$claimedId
;
}
}
if
(
$this
->
data
[
'openid_return_to'
]
!=
$this
->
returnUrl
)
{
if
(
!
$this
->
compareUrl
(
$this
->
data
[
'openid_return_to'
],
$this
->
returnUrl
)
)
{
// The return_to url must match the url of current request.
// The return_to url must match the url of current request.
return
false
;
return
false
;
}
}
...
@@ -949,4 +949,29 @@ class OpenId extends BaseClient implements ClientInterface
...
@@ -949,4 +949,29 @@ class OpenId extends BaseClient implements ClientInterface
{
{
return
array_merge
([
'id'
=>
$this
->
getClaimedId
()],
$this
->
fetchAttributes
());
return
array_merge
([
'id'
=>
$this
->
getClaimedId
()],
$this
->
fetchAttributes
());
}
}
/**
* Compares 2 URLs taking in account possible GET parameters order miss match and URL encoding inconsistencies.
* @param string $expectedUrl expected URL.
* @param string $actualUrl actual URL.
* @return boolean whether URLs are equal.
*/
protected
function
compareUrl
(
$expectedUrl
,
$actualUrl
)
{
$expectedUrlInfo
=
parse_url
(
$expectedUrl
);
$actualUrlInfo
=
parse_url
(
$actualUrl
);
foreach
(
$expectedUrlInfo
as
$name
=>
$expectedValue
)
{
if
(
$name
==
'query'
)
{
parse_str
(
$expectedValue
,
$expectedUrlParams
);
parse_str
(
$actualUrlInfo
[
$name
],
$actualUrlParams
);
$paramsDiff
=
array_diff_assoc
(
$expectedUrlParams
,
$actualUrlParams
);
if
(
!
empty
(
$paramsDiff
))
{
return
false
;
}
}
elseif
(
$expectedValue
!=
$actualUrlInfo
[
$name
])
{
return
false
;
}
}
return
true
;
}
}
}
tests/unit/extensions/authclient/OpenIdTest.php
View file @
243f0134
...
@@ -19,6 +19,23 @@ class OpenIdTest extends TestCase
...
@@ -19,6 +19,23 @@ class OpenIdTest extends TestCase
$this
->
mockApplication
(
$config
,
'\yii\web\Application'
);
$this
->
mockApplication
(
$config
,
'\yii\web\Application'
);
}
}
/**
* Invokes the object method even if it is protected.
* @param object $object object instance
* @param string $methodName name of the method to be invoked.
* @param array $args method arguments.
* @return mixed method invoke result.
*/
protected
function
invokeMethod
(
$object
,
$methodName
,
array
$args
=
[])
{
$classReflection
=
new
\ReflectionClass
(
get_class
(
$object
));
$methodReflection
=
$classReflection
->
getMethod
(
$methodName
);
$methodReflection
->
setAccessible
(
true
);
$result
=
$methodReflection
->
invokeArgs
(
$object
,
$args
);
$methodReflection
->
setAccessible
(
false
);
return
$result
;
}
// Tests :
// Tests :
public
function
testSetGet
()
public
function
testSetGet
()
...
@@ -58,4 +75,55 @@ class OpenIdTest extends TestCase
...
@@ -58,4 +75,55 @@ class OpenIdTest extends TestCase
$this
->
assertArrayHasKey
(
'ax'
,
$info
);
$this
->
assertArrayHasKey
(
'ax'
,
$info
);
$this
->
assertArrayHasKey
(
'sreg'
,
$info
);
$this
->
assertArrayHasKey
(
'sreg'
,
$info
);
}
}
/**
* Data provider for [[testCompareUrl()]]
* @return array test data
*/
public
function
dataProviderCompareUrl
()
{
return
[
[
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
true
],
[
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
'http://domain.com/index.php?r=site/auth&authclient=myclient'
,
true
],
[
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
'http://domain.com/index.php?r=site/auth&authclient=myclient2'
,
false
],
[
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient&custom=value'
,
'http://domain.com/index.php?r=site%2Fauth&custom=value&authclient=myclient'
,
true
],
[
'https://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
'http://domain.com/index.php?r=site%2Fauth&authclient=myclient'
,
false
],
];
}
/**
* @see https://github.com/yiisoft/yii2/issues/3633
*
* @dataProvider dataProviderCompareUrl
*
* @param string $url1
* @param string $url2
* @param boolean $expectedResult
*/
public
function
testCompareUrl
(
$url1
,
$url2
,
$expectedResult
)
{
$client
=
new
OpenId
();
$comparisonResult
=
$this
->
invokeMethod
(
$client
,
'compareUrl'
,
[
$url1
,
$url2
]);
$this
->
assertEquals
(
$expectedResult
,
$comparisonResult
);
}
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment