auth-backend: fix but where undefined state values where being stringified

Signed-off-by: Patrik Oldsberg <poldsberg@gmail.com>
This commit is contained in:
Patrik Oldsberg
2021-08-24 17:42:04 +02:00
parent fe1277fc39
commit ea9fe95674
4 changed files with 41 additions and 2 deletions
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-auth-backend': patch
---
Fixed a bug where OAuth state parameters would be serialized as the string `'undefined'`.
+1
View File
@@ -50,6 +50,7 @@
"jose": "^1.27.1",
"jwt-decode": "^3.1.0",
"knex": "^0.95.1",
"lodash": "^4.17.21",
"luxon": "^2.0.2",
"minimatch": "^3.0.3",
"morgan": "^1.10.0",
@@ -15,9 +15,39 @@
*/
import express from 'express';
import { verifyNonce, encodeState } from './helpers';
import { verifyNonce, encodeState, readState } from './helpers';
describe('OAuthProvider Utils', () => {
describe('encodeState', () => {
it('should serialized values', () => {
const state = {
nonce: '123',
env: 'development',
origin: 'https://example.com',
};
const encoded = encodeState(state);
expect(encoded).toBe(
Buffer.from(
'nonce=123&env=development&origin=https%3A%2F%2Fexample.com',
).toString('hex'),
);
expect(readState(encoded)).toEqual(state);
});
it('should not include undefined values', () => {
const state = { nonce: '123', env: 'development', origin: undefined };
const encoded = encodeState(state);
expect(encoded).toBe(
Buffer.from('nonce=123&env=development').toString('hex'),
);
expect(readState(encoded)).toEqual(state);
});
});
describe('verifyNonce', () => {
it('should throw error if cookie nonce missing', () => {
const state = { nonce: 'NONCE', env: 'development' };
@@ -16,6 +16,7 @@
import express from 'express';
import { OAuthState } from './types';
import pickBy from 'lodash/pickBy';
export const readState = (stateString: string): OAuthState => {
const state = Object.fromEntries(
@@ -34,7 +35,9 @@ export const readState = (stateString: string): OAuthState => {
};
export const encodeState = (state: OAuthState): string => {
const stateString = new URLSearchParams(state).toString();
const stateString = new URLSearchParams(
pickBy(state, value => value !== undefined),
).toString();
return Buffer.from(stateString, 'utf-8').toString('hex');
};