Elgato_dark/appwrite
1
0
Fork 0
mirror of https://github.com/appwrite/appwrite synced 2026-05-24 09:28:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #10589 from appwrite/ser-377

Browse source 
Handle OIDC well-known endpoint errors
This commit is contained in:
Matej Bačo 2025-10-03 10:44:38 +02:00 committed by GitHub
commit 59d5c49818
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 74 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/Appwrite/Auth/OAuth2/Oidc.php
View file

@ -273,6 +273,9 @@ class Oidc extends OAuth2
{ {
if (empty($this->wellKnownConfiguration)) { if (empty($this->wellKnownConfiguration)) {
$response = $this->request('GET', $this->getWellKnownEndpoint()); $response = $this->request('GET', $this->getWellKnownEndpoint());
if (empty($response)) {
throw new Exception('Invalid well-known configuration');
}
$this->wellKnownConfiguration = \json_decode($response, true); $this->wellKnownConfiguration = \json_decode($response, true);
} }

71
tests/e2e/Services/Account/AccountCustomClientTest.php
View file

@ -1539,6 +1539,77 @@ class AccountCustomClientTest extends Scope
return []; return [];
} }
public function testCreateOidcOAuth2Token(): array
{
$provider = 'oidc';
$appId = '1';
// Valid well-known configuration
$secret = '{
"wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration",
"authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"tokenEndpoint": "https://oauth2.googleapis.com/token",
"userinfoEndpoint": "https://openidconnect.googleapis.com/v1/userinfo"
}';
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/oauth2', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'provider' => $provider,
'appId' => $appId,
'secret' => $secret,
'enabled' => true,
]);
$this->assertEquals(200, $response['headers']['status-code']);
$response = $this->client->call(Client::METHOD_GET, '/account/tokens/oauth2/' . $provider, array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'provider' => $provider,
'success' => 'http://localhost/v1/mock/tests/general/oauth2/success',
'failure' => 'http://localhost/v1/mock/tests/general/oauth2/failure',
], true, false);
$this->assertEquals(301, $response['headers']['status-code']);
// Invalid well-known configuration
$secret = '{}';
$response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $this->getProject()['$id'] . '/oauth2', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => 'console',
'cookie' => 'a_session_console=' . $this->getRoot()['session'],
]), [
'provider' => $provider,
'appId' => $appId,
'secret' => $secret,
'enabled' => true,
]);
$this->assertEquals(200, $response['headers']['status-code']);
$response = $this->client->call(Client::METHOD_GET, '/account/tokens/oauth2/' . $provider, array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'provider' => $provider,
'success' => 'http://localhost/v1/mock/tests/general/oauth2/success',
'failure' => 'http://localhost/v1/mock/tests/general/oauth2/failure',
]);
$this->assertEquals(500, $response['headers']['status-code']);
return [];
}
public function testBlockedAccount(): array public function testBlockedAccount(): array
{ {
$email = uniqid() . 'user@localhost.test'; $email = uniqid() . 'user@localhost.test';