mirror of https://github.com/logto-io/logto.git synced 2025-03-31 22:51:25 -05:00

feat(experience): hide the path and parameter in redirectUri (#5320)

feat(experience): hide the path and parameter in redirectUri

hide the path and parameters in redirectUri
simeng-li 2024-01-29 10:18:53 +08:00 committed by GitHub
parent 63184db15a
commit 0a02ca2887
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 34 additions and 1 deletions


@ -13,6 +13,7 @@ import OrganizationSelector, { type Organization } from './OrganizationSelector'
import ScopesListCard from './ScopesListCard';
import UserProfile from './UserProfile';
import * as styles from './index.module.scss';
import { getRedirectUriOrigin } from './util';
const Consent = () => {
const handleError = useErrorHandler();
@ -103,7 +104,7 @@ const Consent = () => {
<Button title="action.authorize" onClick={consentHandler} />
</div>
<div className={styles.redirectUri}>
{t('description.redirect_to', { name: consentData.redirectUri })}
{t('description.redirect_to', { name: getRedirectUriOrigin(consentData.redirectUri) })}
</div>
<div className={styles.footerLink}>
{t('description.not_you')}{' '}


@ -0,0 +1,15 @@
import { getRedirectUriOrigin } from './util';
describe('consent page utils', () => {
it('getRedirectUriOrigin should return the origin if the redirectUri is a http url', () => {
const redirectUri = 'https://logto.io/callback?code=123';
const origin = getRedirectUriOrigin(redirectUri);
expect(origin).toEqual('https://logto.io');
});
it('getRedirectUriOrigin should return the original uri if the redirectUri is not a http url', () => {
const redirectUri = 'io.logto://callback?code=123';
const origin = getRedirectUriOrigin(redirectUri);
expect(origin).toEqual(redirectUri);
});
});
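Review bot: Both cases use a bare host and a well-formed URI, so several inputs that decide what the user reads on the consent screen are untested: an origin with an explicit port, a scheme that only begins with `http`, and a string that `new URL` rejects. A constructed example for the first is `expect(getRedirectUriOrigin('https://logto.io:8443/cb#x')).toEqual('https://logto.io:8443');`. One further case per remaining input would pin the displayed value and document whether the helper is allowed to throw.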


@ -0,0 +1,17 @@
/**
* We need to hide the query params and path from the redirectUri for security reasons when displaying it to the user.
*
* if the redirectUri is a http url, we should return the origin
* Otherwise return the original uri. e.g. native schema io.logto://callback
*/
export const getRedirectUriOrigin = (redirectUri: string) => {
const url = new URL(redirectUri);
// If the redirectUri is a http url, we should return the origin
if (url.protocol.startsWith('http')) {
return url.origin;
}
// Otherwise return the original uri. e.g. native schema io.logto://callback
return redirectUri;
};
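Review bot: `url.protocol.startsWith('http')` accepts any scheme whose name merely begins with "http", and for such a non-special scheme `url.origin` is the string `null`, so the consent screen would name no real destination; the check should compare against `'http:'` and `'https:'` exactly. `new URL(redirectUri)` also throws on a value that is not an absolute URI, and because the helper is called while rendering the consent page, an uncaught TypeError there would presumably break the page. The fallback branch returns the URI untouched, so a native-scheme URI still shows its query string, which the doc comment says should be hidden. If hiding it is intended for native schemes too, clear `search` and `hash` before returning and update the second test's expectation to match.

```typescript
export const getRedirectUriOrigin = (redirectUri: string) => {
  try {
    const url = new URL(redirectUri);
    // Exact match: for any other scheme `url.origin` serializes to "null"
    if (url.protocol === 'http:' || url.protocol === 'https:') {
      return url.origin;
    }
    // Native scheme: keep scheme, host and path, drop query and fragment
    url.search = '';
    url.hash = '';
    return url.href;
  } catch {
    // Not an absolute URI: show it unchanged rather than throw during render
    return redirectUri;
  }
};
```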