From a47efa367402633fbb26919c0b4b47496c0060c4 Mon Sep 17 00:00:00 2001 From: Alex Plekhov <44156348+AlexPlekhov@users.noreply.github.com> Date: Fri, 10 Jun 2022 13:29:37 +0300 Subject: [PATCH 1/4] Update OIDAuthorizationService.m --- Source/AppAuthCore/OIDAuthorizationService.m | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Source/AppAuthCore/OIDAuthorizationService.m b/Source/AppAuthCore/OIDAuthorizationService.m index cc749a3f9..4da48032f 100644 --- a/Source/AppAuthCore/OIDAuthorizationService.m +++ b/Source/AppAuthCore/OIDAuthorizationService.m @@ -107,15 +107,17 @@ - (void)cancelWithCompletion:(nullable void (^)(void))completion { + (BOOL)URL:(NSURL *)URL matchesRedirectionURL:(NSURL *)redirectionURL { NSURL *standardizedURL = [URL standardizedURL]; NSURL *standardizedRedirectURL = [redirectionURL standardizedURL]; + NSString *trimmedStdUrlPath = [standardizedURL.path stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"/"]]; + NSString *stdRedirectUrlPath = [standardizedRedirectURL.path stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"/"]]; + return [standardizedURL.scheme caseInsensitiveCompare:standardizedRedirectURL.scheme] == NSOrderedSame && OIDIsEqualIncludingNil(standardizedURL.user, standardizedRedirectURL.user) && OIDIsEqualIncludingNil(standardizedURL.password, standardizedRedirectURL.password) && OIDIsEqualIncludingNil(standardizedURL.host, standardizedRedirectURL.host) && OIDIsEqualIncludingNil(standardizedURL.port, standardizedRedirectURL.port) - && OIDIsEqualIncludingNil(standardizedURL.path, standardizedRedirectURL.path); + && OIDIsEqualIncludingNil(trimmedStdUrlPath, stdRedirectUrlPath); } - - (BOOL)shouldHandleURL:(NSURL *)URL { return [[self class] URL:URL matchesRedirectionURL:_request.redirectURL]; } From 92d86458fed54736f42ad83927a9a98593a3df47 Mon Sep 17 00:00:00 2001 
From: aplekhov
Date: Thu, 18 Aug 2022 16:48:21 +0300
Subject: [PATCH 2/4] Apply the 'matchesRedirectionURL' checks to consider a path value of "/" as equal to an empty path of "".
---
 Source/AppAuthCore/OIDAuthorizationService.m | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/Source/AppAuthCore/OIDAuthorizationService.m b/Source/AppAuthCore/OIDAuthorizationService.m
index 4da48032f..349d560bb 100644
--- a/Source/AppAuthCore/OIDAuthorizationService.m
+++ b/Source/AppAuthCore/OIDAuthorizationService.m
@@ -107,17 +107,19 @@ - (void)cancelWithCompletion:(nullable void (^)(void))completion { + (BOOL)URL:(NSURL *)URL matchesRedirectionURL:(NSURL *)redirectionURL { NSURL *standardizedURL = [URL standardizedURL]; NSURL *standardizedRedirectURL = [redirectionURL standardizedURL]; - NSString *trimmedStdUrlPath = [standardizedURL.path stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"/"]]; - NSString *stdRedirectUrlPath = [standardizedRedirectURL.path stringByTrimmingCharactersInSet:[NSCharacterSet characterSetWithCharactersInString:@"/"]]; - + NSString *normalizedPath = [standardizedURL.path isEqualToString:@"/"] ? @"" + : standardizedURL.path; + NSString *normalizedRedirectPath = [standardizedRedirectURL.path isEqualToString:@"/"] ? @"" + : standardizedRedirectURL.path; return [standardizedURL.scheme caseInsensitiveCompare:standardizedRedirectURL.scheme] == NSOrderedSame && OIDIsEqualIncludingNil(standardizedURL.user, standardizedRedirectURL.user) && OIDIsEqualIncludingNil(standardizedURL.password, standardizedRedirectURL.password) && OIDIsEqualIncludingNil(standardizedURL.host, standardizedRedirectURL.host) && OIDIsEqualIncludingNil(standardizedURL.port, standardizedRedirectURL.port) - && OIDIsEqualIncludingNil(trimmedStdUrlPath, stdRedirectUrlPath); + && OIDIsEqualIncludingNil(normalizedPath, normalizedRedirectPath); } + - (BOOL)shouldHandleURL:(NSURL *)URL { return [[self class] URL:URL matchesRedirectionURL:_request.redirectURL]; } From 20e4fba5974e5e40d9f44ac227a73faa1b9914c8 Mon Sep 17 00:00:00 2001 From: aplekhov Date: Mon, 12 Sep 2022 09:45:45 +0300 Subject: [PATCH 3/4] Increase indent from 2 to 4. Add a comment for changes. --- Source/AppAuthCore/OIDAuthorizationService.m | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Source/AppAuthCore/OIDAuthorizationService.m b/Source/AppAuthCore/OIDAuthorizationService.m index 349d560bb..5a249a770 100644 --- a/Source/AppAuthCore/OIDAuthorizationService.m 
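Review bot: Nothing in this patch pins the relaxed comparison with a test: the diffstat lists only OIDAuthorizationService.m, while `+URL:matchesRedirectionURL:` is what `shouldHandleURL:` (in the trailing context) relies on to accept an incoming redirect. I would add unit cases asserting that an empty path and `/` match in both argument orders, and that a non-root difference such as `/cb` against `/other` (constructed values) still fails, so a later edit cannot widen the match unnoticed. The two ternaries are also the same expression applied twice; a small file-local helper taking the `NSURL` would keep both sides normalized identically. A nil `path` is left as nil here, so whether it compares equal to `@""` depends on `OIDIsEqualIncludingNil`, which is outside this hunk.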
+++ b/Source/AppAuthCore/OIDAuthorizationService.m @@ -107,10 +107,13 @@ - (void)cancelWithCompletion:(nullable void (^)(void))completion { + (BOOL)URL:(NSURL *)URL matchesRedirectionURL:(NSURL *)redirectionURL { NSURL *standardizedURL = [URL standardizedURL]; NSURL *standardizedRedirectURL = [redirectionURL standardizedURL]; + // Some servers adds '/' to the end when there is no 'path'. To relax the equality rules below + // were decided to normalize pathes. So, pathes like '' are the same to '/' now. + // Read more https://github.com/openid/AppAuth-iOS/issues/446 NSString *normalizedPath = [standardizedURL.path isEqualToString:@"/"] ? @"" - : standardizedURL.path; + : standardizedURL.path; NSString *normalizedRedirectPath = [standardizedRedirectURL.path isEqualToString:@"/"] ? @"" - : standardizedRedirectURL.path; + : standardizedRedirectURL.path; return [standardizedURL.scheme caseInsensitiveCompare:standardizedRedirectURL.scheme] == NSOrderedSame && OIDIsEqualIncludingNil(standardizedURL.user, standardizedRedirectURL.user) From 5904646dced21d2a0d732a1a28d65f300736260f Mon Sep 17 00:00:00 2001 From: Alex Plekhov <44156348+AlexPlekhov@users.noreply.github.com> Date: Mon, 24 Oct 2022 17:27:26 +0300 Subject: [PATCH 4/4] Update OIDAuthorizationService.m --- Source/AppAuthCore/OIDAuthorizationService.m | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Source/AppAuthCore/OIDAuthorizationService.m b/Source/AppAuthCore/OIDAuthorizationService.m index 5a249a770..b206b704d 100644 --- a/Source/AppAuthCore/OIDAuthorizationService.m +++ b/Source/AppAuthCore/OIDAuthorizationService.m 
@@ -107,9 +107,9 @@ - (void)cancelWithCompletion:(nullable void (^)(void))completion {
 + (BOOL)URL:(NSURL *)URL matchesRedirectionURL:(NSURL *)redirectionURL {
 NSURL *standardizedURL = [URL standardizedURL];
 NSURL *standardizedRedirectURL = [redirectionURL standardizedURL];
- // Some servers adds '/' to the end when there is no 'path'. To relax the equality rules below
- // were decided to normalize pathes. So, pathes like '' are the same to '/' now.
- // Read more https://github.com/openid/AppAuth-iOS/issues/446
+ // An empty path may be represented as '' or '/'. In order to treat these two cases as equivalent,
+ // we normalize a path of '/' to ''.
+ // For context: https://github.com/openid/AppAuth-iOS/issues/446
 NSString *normalizedPath = [standardizedURL.path isEqualToString:@"/"] ? @""
 : standardizedURL.path;
 NSString *normalizedRedirectPath = [standardizedRedirectURL.path isEqualToString:@"/"] ? @""
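Review bot: The reworded comment explains the equivalence but not its limit: only a path that is exactly `/` is normalized, whereas the first revision in this series trimmed every leading and trailing `/`. The `shouldHandleURL:` context in the earlier patches shows this comparison decides which incoming URLs are treated as the redirect, so I would add one line such as `// Only an exact '/' is normalized; every other path is compared unchanged.` to keep the narrow scope from being widened by a later edit. The method body continues past the end of this hunk.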