class Doorkeeper::RedirectUriValidator

ActiveModel validator for redirect URI validation in according to OAuth standards and Doorkeeper configuration.

Public Instance Methods

validate_each(record, attribute, value) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 9
def validate_each(record, attribute, value)
  if value.blank?
    return if Doorkeeper.config.allow_blank_redirect_uri?(record)

    record.errors.add(attribute, :blank)
  else
    value.split.each do |val|
      next if oob_redirect_uri?(val)

      uri = ::URI.parse(val)
      record.errors.add(attribute, :forbidden_uri) if forbidden_uri?(uri)
      record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
      record.errors.add(attribute, :unspecified_scheme) if unspecified_scheme?(uri)
      record.errors.add(attribute, :relative_uri) if relative_uri?(uri)
      record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
      record.errors.add(attribute, :invalid_uri) if unspecified_host?(uri)
    end
  end
rescue URI::InvalidURIError
  record.errors.add(attribute, :invalid_uri)
end

Private Instance Methods

forbidden_uri?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 37
def forbidden_uri?(uri)
  Doorkeeper.config.forbid_redirect_uri.call(uri)
end
invalid_ssl_uri?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 55
def invalid_ssl_uri?(uri)
  forces_ssl = Doorkeeper.config.force_ssl_in_redirect_uri
  non_https = uri.try(:scheme) == "http"

  if forces_ssl.respond_to?(:call)
    forces_ssl.call(uri) && non_https
  else
    forces_ssl && non_https
  end
end
oob_redirect_uri?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 33
def oob_redirect_uri?(uri)
  Doorkeeper::OAuth::NonStandard::IETF_WG_OAUTH2_OOB_METHODS.include?(uri)
end
relative_uri?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 51
def relative_uri?(uri)
  uri.scheme.nil? && uri.host.blank?
end
unspecified_host?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 47
def unspecified_host?(uri)
  uri.is_a?(URI::HTTP) && uri.host.blank?
end
unspecified_scheme?(uri) click to toggle source
# File lib/doorkeeper/orm/active_record/redirect_uri_validator.rb, line 41
def unspecified_scheme?(uri)
  return true if uri.opaque.present?

  %w[localhost].include?(uri.try(:scheme))
end