Handle redirect URI query concatenation in a better way

0b5f80b4 · Oswaldo Ferreira · 24411b6f · 0b5f80b4 · 0b5f80b4
Commit 0b5f80b4 authored Sep 05, 2017 by Oswaldo Ferreira
2 changed files
--- a/app/controllers/oauth/jira/authorizations_controller.rb
+++ b/app/controllers/oauth/jira/authorizations_controller.rb
@@ -14,8 +14,12 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base

  # 2. Handle the callback call as we were a Github Enterprise instance client.
  def callback
-    # TODO: join url params in a better way
-    redirect_to(session['redirect_uri'] + '&code=' + params[:code])
+    # Handling URI query params concatenation.
+    redirect_uri = URI.parse(session['redirect_uri'])
+    new_query = URI.decode_www_form(String(redirect_uri.query)) << ['code', params[:code]]
+    redirect_uri.query = URI.encode_www_form(new_query)
+
+    redirect_to redirect_uri.to_s
  end

  # 3. Rewire and adjust access_token request accordingly.
@@ -25,13 +29,8 @@ class Oauth::Jira::AuthorizationsController < ActionController::Base
                    .merge(grant_type: 'authorization_code', redirect_uri: oauth_jira_callback_url)

    auth_response = HTTParty.post(oauth_token_url, body: auth_params)
+    token_type, scope, token = auth_response['token_type'], auth_response['scope'], auth_response['access_token']

-    # TODO: join url params in a better way
-    token = "access_token=" +
-            auth_response['access_token'] + "&scope=" +
-            auth_response['scope'] + "&token_type=" +
-            auth_response['token_type']
-
-    render text: token
+    render text: "access_token=#{token}&scope=#{scope}&token_type=#{token_type}"
  end
 end
--- a/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
@@ -13,6 +13,14 @@ describe Oauth::Jira::AuthorizationsController do

  describe 'GET callback' do
    it 'redirects to redirect_uri on session with code param' do
+      session['redirect_uri'] = 'http://example.com'
+
+      get :callback, code: 'hash-123'
+
+      expect(response).to redirect_to('http://example.com?code=hash-123')
+    end
+
+    it 'redirects to redirect_uri on session with code param preserving existing query' do
      session['redirect_uri'] = 'http://example.com?foo=bar'

      get :callback, code: 'hash-123'
@@ -27,7 +35,7 @@ describe Oauth::Jira::AuthorizationsController do
                               'client_id' => 'client-123',
                               'client_secret' => 'secret-123',
                               'grant_type' => 'authorization_code',
-                               'redirect_uri' => 'http://test.host/jira/login/oauth/callback' }
+                               'redirect_uri' => 'http://test.host/-/jira/login/oauth/callback' }

      expect(HTTParty).to receive(:post).with(oauth_token_url, body: expected_auth_params) do
        { 'access_token' => 'fake-123', 'scope' => 'foo', 'token_type' => 'bar' }