Skip to content

Commit e0e15ca

Browse files
feat(oauth,oidc): support relative redirect URL
1 parent 3f7bb0d commit e0e15ca

2 files changed

Lines changed: 18 additions & 22 deletions

File tree

packages/methods/shield-oauth/src/actions/sign_in.rs

Lines changed: 9 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,8 @@ use crate::{
1717
#[derive(Debug, Deserialize)]
1818
#[serde(rename_all = "camelCase")]
1919
pub struct SignInData {
20-
pub redirect_origin: Option<Url>,
21-
pub redirect_url: Option<Url>,
20+
pub redirect_origin: Url,
21+
pub redirect_url: Option<String>,
2222
}
2323

2424
pub struct OauthSignInAction {
@@ -91,15 +91,13 @@ impl Action<OauthProvider, OauthSession> for OauthSignInAction {
9191
let data = serde_json::from_value::<SignInData>(request.form_data)
9292
.map_err(|err| ShieldError::Validation(err.to_string()))?;
9393

94-
let redirect_url = data.redirect_url.or_else(|| {
95-
data.redirect_origin.and_then(|redirect_origin| {
96-
redirect_origin.join(&self.options.sign_in_redirect).ok()
97-
})
98-
});
94+
let redirect_url = data
95+
.redirect_url
96+
.map(|redirect_url| data.redirect_origin.join(&redirect_url))
97+
.unwrap_or_else(|| data.redirect_origin.join(&self.options.sign_in_redirect))
98+
.map_err(|err| ShieldError::Validation(format!("redirect URL parse error: {err}")))?;
9999

100-
if let Some(redirect_url) = &redirect_url
101-
&& let Some(redirect_origins) = &self.options.redirect_origins
102-
{
100+
if let Some(redirect_origins) = &self.options.redirect_origins {
103101
let redirect_origin = Url::parse(&redirect_url.origin().ascii_serialization())
104102
.map_err(|err| {
105103
ShieldError::Validation(format!("redirect origin parse error: {err}"))
@@ -148,7 +146,7 @@ impl Action<OauthProvider, OauthSession> for OauthSignInAction {
148146
Ok(Response::new(ResponseType::Redirect(auth_url.to_string()))
149147
.session_action(SessionAction::Unauthenticate)
150148
.session_action(SessionAction::data(OauthSession {
151-
redirect_url,
149+
redirect_url: Some(redirect_url),
152150
csrf: Some(csrf_token.secret().clone()),
153151
pkce_verifier: pkce_code_challenge
154152
.map(|(_, pkce_code_verifier)| pkce_code_verifier.secret().clone()),

packages/methods/shield-oidc/src/actions/sign_in.rs

Lines changed: 9 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,8 @@ use crate::{
2020
#[derive(Debug, Deserialize)]
2121
#[serde(rename_all = "camelCase")]
2222
pub struct SignInData {
23-
pub redirect_origin: Option<Url>,
24-
pub redirect_url: Option<Url>,
23+
pub redirect_origin: Url,
24+
pub redirect_url: Option<String>,
2525
}
2626

2727
pub struct OidcSignInAction {
@@ -94,15 +94,13 @@ impl Action<OidcProvider, OidcSession> for OidcSignInAction {
9494
let data = serde_json::from_value::<SignInData>(request.form_data)
9595
.map_err(|err| ShieldError::Validation(err.to_string()))?;
9696

97-
let redirect_url = data.redirect_url.or_else(|| {
98-
data.redirect_origin.and_then(|redirect_origin| {
99-
redirect_origin.join(&self.options.sign_in_redirect).ok()
100-
})
101-
});
97+
let redirect_url = data
98+
.redirect_url
99+
.map(|redirect_url| data.redirect_origin.join(&redirect_url))
100+
.unwrap_or_else(|| data.redirect_origin.join(&self.options.sign_in_redirect))
101+
.map_err(|err| ShieldError::Validation(format!("redirect URL parse error: {err}")))?;
102102

103-
if let Some(redirect_url) = &redirect_url
104-
&& let Some(redirect_origins) = &self.options.redirect_origins
105-
{
103+
if let Some(redirect_origins) = &self.options.redirect_origins {
106104
let redirect_origin = Url::parse(&redirect_url.origin().ascii_serialization())
107105
.map_err(|err| {
108106
ShieldError::Validation(format!("redirect origin parse error: {err}"))
@@ -153,7 +151,7 @@ impl Action<OidcProvider, OidcSession> for OidcSignInAction {
153151
Ok(Response::new(ResponseType::Redirect(auth_url.to_string()))
154152
.session_action(SessionAction::unauthenticate())
155153
.session_action(SessionAction::data(OidcSession {
156-
redirect_url,
154+
redirect_url: Some(redirect_url),
157155
csrf: Some(csrf_token.secret().clone()),
158156
nonce: Some(nonce.secret().clone()),
159157
pkce_verifier: pkce_code_challenge

0 commit comments

Comments
 (0)