mirror of
https://github.com/logto-io/logto.git
fix(core): fix protected app callback uri (#5308)
parent
880e890321
commit
8fb032da7a
7 changed files with 21 additions and 9 deletions
|
@ -13,6 +13,7 @@ import type {
|
||||||
} from '@logto/schemas';
|
} from '@logto/schemas';
|
||||||
import { RoleType, ApplicationType, LogtoOidcConfigKey, DomainStatus } from '@logto/schemas';
|
import { RoleType, ApplicationType, LogtoOidcConfigKey, DomainStatus } from '@logto/schemas';
|
||||||
|
|
||||||
|
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||||
import { mockId } from '#src/test-utils/nanoid.js';
|
import { mockId } from '#src/test-utils/nanoid.js';
|
||||||
|
|
||||||
export * from './connector.js';
|
export * from './connector.js';
|
||||||
|
@ -54,7 +55,7 @@ export const mockProtectedApplication: Omit<Application, 'protectedAppMetadata'>
|
||||||
type: ApplicationType.Protected,
|
type: ApplicationType.Protected,
|
||||||
description: null,
|
description: null,
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
redirectUris: ['https://mock.protected.dev/callback'],
|
redirectUris: [`https://mock.protected.dev/${protectedAppSignInCallbackUrl}`],
|
||||||
postLogoutRedirectUris: ['https://mock.protected.dev'],
|
postLogoutRedirectUris: ['https://mock.protected.dev'],
|
||||||
},
|
},
|
||||||
customClientMetadata: {
|
customClientMetadata: {
|
||||||
|
|
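--- a/packages/core/src/constants/index.ts
+++ b/packages/core/src/constants/index.ts
@@ -0,0 +1 @@
+export const protectedAppSignInCallbackUrl = 'sign-in-callback';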
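Review bot: `protectedAppSignInCallbackUrl` holds a bare path segment with no leading slash, not a URL, and the new file gives no hint of what has to stay in sync with it. A doc comment would help, for example `/** Path segment (no leading slash) appended to a protected app host to form its OIDC redirect URI. */`. If the proxy that serves protected apps hard-codes the same path, which this page does not show, the comment should say so.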
@ -7,6 +7,7 @@ import {
|
||||||
mockCustomDomain,
|
mockCustomDomain,
|
||||||
mockProtectedApplication,
|
mockProtectedApplication,
|
||||||
} from '#src/__mocks__/index.js';
|
} from '#src/__mocks__/index.js';
|
||||||
|
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||||
import RequestError from '#src/errors/RequestError/index.js';
|
import RequestError from '#src/errors/RequestError/index.js';
|
||||||
import {
|
import {
|
||||||
defaultProtectedAppPageRules,
|
defaultProtectedAppPageRules,
|
||||||
|
@ -172,7 +173,7 @@ describe('checkAndBuildProtectedAppData()', () => {
|
||||||
pageRules: defaultProtectedAppPageRules,
|
pageRules: defaultProtectedAppPageRules,
|
||||||
},
|
},
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
redirectUris: [`https://${host}/callback`],
|
redirectUris: [`https://${host}/${protectedAppSignInCallbackUrl}`],
|
||||||
postLogoutRedirectUris: [`https://${host}`],
|
postLogoutRedirectUris: [`https://${host}`],
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|
|
@ -6,6 +6,7 @@ import {
|
||||||
} from '@logto/schemas';
|
} from '@logto/schemas';
|
||||||
import { isValidSubdomain } from '@logto/shared';
|
import { isValidSubdomain } from '@logto/shared';
|
||||||
|
|
||||||
|
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||||
import { EnvSet, getTenantEndpoint } from '#src/env-set/index.js';
|
import { EnvSet, getTenantEndpoint } from '#src/env-set/index.js';
|
||||||
import RequestError from '#src/errors/RequestError/index.js';
|
import RequestError from '#src/errors/RequestError/index.js';
|
||||||
import {
|
import {
|
||||||
|
@ -197,7 +198,7 @@ export const createProtectedAppLibrary = (queries: Queries) => {
|
||||||
pageRules: defaultProtectedAppPageRules,
|
pageRules: defaultProtectedAppPageRules,
|
||||||
},
|
},
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
redirectUris: [`https://${host}/callback`],
|
redirectUris: [`https://${host}/${protectedAppSignInCallbackUrl}`],
|
||||||
postLogoutRedirectUris: [`https://${host}`],
|
postLogoutRedirectUris: [`https://${host}`],
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
|
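Review bot: Protected apps created before this change still have `https://<host>/callback` stored in `oidcClientMetadata.redirectUris`, and none of the seven files shown on this page rewrites those records. OIDC redirect URI matching is an exact string comparison, so if the proxy now sends users to `/sign-in-callback`, sign-in for existing apps would presumably be rejected until their metadata is updated. A data migration, or a note in the commit description that one ships separately, would close the gap. The object literal edited here sits inside `createProtectedAppLibrary`, whose body starts and ends outside the hunk.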
@ -9,6 +9,7 @@ import { MockTenant } from '#src/test-utils/tenant.js';
|
||||||
const { jest } = import.meta;
|
const { jest } = import.meta;
|
||||||
|
|
||||||
const mockDomain = 'app.example.com';
|
const mockDomain = 'app.example.com';
|
||||||
|
const protectedAppSignInCallbackUrl = 'sign-in-callback';
|
||||||
|
|
||||||
const updateApplicationById = jest.fn();
|
const updateApplicationById = jest.fn();
|
||||||
const findApplicationById = jest.fn(async () => mockProtectedApplication);
|
const findApplicationById = jest.fn(async () => mockProtectedApplication);
|
||||||
|
@ -109,8 +110,8 @@ describe('application protected app metadata routes', () => {
|
||||||
`https://${mockDomain}`,
|
`https://${mockDomain}`,
|
||||||
],
|
],
|
||||||
redirectUris: [
|
redirectUris: [
|
||||||
`https://${mockProtectedApplication.protectedAppMetadata.host}/callback`,
|
`https://${mockProtectedApplication.protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`,
|
||||||
`https://${mockDomain}/callback`,
|
`https://${mockDomain}/${protectedAppSignInCallbackUrl}`,
|
||||||
],
|
],
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
@ -169,7 +170,9 @@ describe('application protected app metadata routes', () => {
|
||||||
},
|
},
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
postLogoutRedirectUris: [`https://${mockProtectedApplication.protectedAppMetadata.host}`],
|
postLogoutRedirectUris: [`https://${mockProtectedApplication.protectedAppMetadata.host}`],
|
||||||
redirectUris: [`https://${mockProtectedApplication.protectedAppMetadata.host}/callback`],
|
redirectUris: [
|
||||||
|
`https://${mockProtectedApplication.protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`,
|
||||||
|
],
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
expect(deleteDomainFromRemote).toHaveBeenCalledWith(mockCloudflareData.id);
|
expect(deleteDomainFromRemote).toHaveBeenCalledWith(mockCloudflareData.id);
|
||||||
|
|
|
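Review bot: `const protectedAppSignInCallbackUrl = 'sign-in-callback';` re-declares the value locally in the first hunk, while the other test files in this commit import it from `#src/constants/index.js`. Pick one convention. Either import it here as well with `import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';`, or add a comment saying the literal is duplicated on purpose so this test pins the wire value independently of the implementation.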
@ -1,6 +1,7 @@
|
||||||
import { customDomainsGuard } from '@logto/schemas';
|
import { customDomainsGuard } from '@logto/schemas';
|
||||||
import { z } from 'zod';
|
import { z } from 'zod';
|
||||||
|
|
||||||
|
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||||
import RequestError from '#src/errors/RequestError/index.js';
|
import RequestError from '#src/errors/RequestError/index.js';
|
||||||
import koaGuard from '#src/middleware/koa-guard.js';
|
import koaGuard from '#src/middleware/koa-guard.js';
|
||||||
import assertThat from '#src/utils/assert-that.js';
|
import assertThat from '#src/utils/assert-that.js';
|
||||||
|
@ -94,7 +95,10 @@ export default function applicationProtectedAppMetadataRoutes<T extends AuthedRo
|
||||||
await updateApplicationById(id, {
|
await updateApplicationById(id, {
|
||||||
protectedAppMetadata: { ...protectedAppMetadata, customDomains: [customDomain] },
|
protectedAppMetadata: { ...protectedAppMetadata, customDomains: [customDomain] },
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
redirectUris: [...oidcClientMetadata.redirectUris, `https://${domain}/callback`],
|
redirectUris: [
|
||||||
|
...oidcClientMetadata.redirectUris,
|
||||||
|
`https://${domain}/${protectedAppSignInCallbackUrl}`,
|
||||||
|
],
|
||||||
postLogoutRedirectUris: [
|
postLogoutRedirectUris: [
|
||||||
...oidcClientMetadata.postLogoutRedirectUris,
|
...oidcClientMetadata.postLogoutRedirectUris,
|
||||||
`https://${domain}`,
|
`https://${domain}`,
|
||||||
|
@ -153,7 +157,7 @@ export default function applicationProtectedAppMetadataRoutes<T extends AuthedRo
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
...oidcClientMetadata,
|
...oidcClientMetadata,
|
||||||
redirectUris: oidcClientMetadata.redirectUris.filter(
|
redirectUris: oidcClientMetadata.redirectUris.filter(
|
||||||
(uri) => uri !== `https://${domain}/callback`
|
(uri) => uri !== `https://${domain}/${protectedAppSignInCallbackUrl}`
|
||||||
),
|
),
|
||||||
postLogoutRedirectUris: oidcClientMetadata.postLogoutRedirectUris.filter(
|
postLogoutRedirectUris: oidcClientMetadata.postLogoutRedirectUris.filter(
|
||||||
(uri) => uri !== `https://${domain}`
|
(uri) => uri !== `https://${domain}`
|
||||||
|
|
|
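Review bot: The delete-domain filter in the second hunk now matches only `https://<domain>/sign-in-callback`, so a custom domain added before this commit, whose stored URI ends in `/callback`, keeps that redirect URI after the domain is removed. A redirect URI left registered for a host the app no longer controls is worth avoiding, since authorization responses may still be issued to it. Dropping every entry for the host would cover both forms, e.g. `(uri) => new URL(uri).hostname !== domain`, assuming stored URIs are always absolute and no unrelated URI on that host must survive. Both hunks sit inside `applicationProtectedAppMetadataRoutes`, which starts and ends outside them.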
@ -8,6 +8,7 @@ import {
|
||||||
mockCustomDomain,
|
mockCustomDomain,
|
||||||
mockProtectedApplication,
|
mockProtectedApplication,
|
||||||
} from '#src/__mocks__/index.js';
|
} from '#src/__mocks__/index.js';
|
||||||
|
import { protectedAppSignInCallbackUrl } from '#src/constants/index.js';
|
||||||
import { mockId, mockIdGenerators } from '#src/test-utils/nanoid.js';
|
import { mockId, mockIdGenerators } from '#src/test-utils/nanoid.js';
|
||||||
import { createMockQuotaLibrary } from '#src/test-utils/quota.js';
|
import { createMockQuotaLibrary } from '#src/test-utils/quota.js';
|
||||||
import { MockTenant } from '#src/test-utils/tenant.js';
|
import { MockTenant } from '#src/test-utils/tenant.js';
|
||||||
|
@ -137,7 +138,7 @@ describe('application route', () => {
|
||||||
type,
|
type,
|
||||||
protectedAppMetadata,
|
protectedAppMetadata,
|
||||||
oidcClientMetadata: {
|
oidcClientMetadata: {
|
||||||
redirectUris: [`https://${protectedAppMetadata.host}/callback`],
|
redirectUris: [`https://${protectedAppMetadata.host}/${protectedAppSignInCallbackUrl}`],
|
||||||
postLogoutRedirectUris: [`https://${protectedAppMetadata.host}`],
|
postLogoutRedirectUris: [`https://${protectedAppMetadata.host}`],
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
|