Module: Doorkeeper::OAuth::Helpers::URIChecker

Defined in:
lib/doorkeeper/oauth/helpers/uri_checker.rb

Class Method Summary collapse

Class Method Details

.as_uri(url) ⇒ Object


51
52
53
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 51

def self.as_uri(url)
  URI.parse(url)
end

.hypertext_scheme?(uri) ⇒ Boolean

Returns:

  • (Boolean)

69
70
71
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 69

def self.hypertext_scheme?(uri)
  %w[http https].include?(uri.scheme)
end

.iff_host?(uri) ⇒ Boolean

Returns:

  • (Boolean)

73
74
75
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 73

def self.iff_host?(uri)
  !(hypertext_scheme?(uri) && uri.host.nil?)
end

.loopback_uri?(uri) ⇒ Boolean

Returns:

  • (Boolean)

41
42
43
44
45
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 41

def self.loopback_uri?(uri)
  IPAddr.new(uri.host).loopback?
rescue IPAddr::Error
  false
end

.matches?(url, client_url) ⇒ Boolean

Returns:

  • (Boolean)

18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 18

def self.matches?(url, client_url)
  url = as_uri(url)
  client_url = as_uri(client_url)

  unless client_url.query.nil?
    return false unless query_matches?(url.query, client_url.query)

    # Clear out queries so rest of URI can be tested. This allows query
    # params to be in the request but order not mattering.
    client_url.query = nil
  end

  # RFC8252, Paragraph 7.3
  # @see https://tools.ietf.org/html/rfc8252#section-7.3
  if loopback_uri?(url) && loopback_uri?(client_url)
    url.port = nil
    client_url.port = nil
  end

  url.query = nil
  url == client_url
end

.oob_uri?(uri) ⇒ Boolean

Returns:

  • (Boolean)

77
78
79
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 77

def self.oob_uri?(uri)
  NonStandard::IETF_WG_OAUTH2_OOB_METHODS.include?(uri)
end

.query_matches?(query, client_query) ⇒ Boolean

Returns:

  • (Boolean)

55
56
57
58
59
60
61
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 55

def self.query_matches?(query, client_query)
  return true if client_query.blank? && query.blank?
  return false if client_query.nil? || query.nil?

  # Will return true independent of query order
  client_query.split("&").sort == query.split("&").sort
end

.valid?(url) ⇒ Boolean

Returns:

  • (Boolean)

9
10
11
12
13
14
15
16
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 9

def self.valid?(url)
  return true if oob_uri?(url)

  uri = as_uri(url)
  valid_scheme?(uri) && iff_host?(uri) && uri.fragment.nil? && uri.opaque.nil?
rescue URI::InvalidURIError
  false
end

.valid_for_authorization?(url, client_url) ⇒ Boolean

Returns:

  • (Boolean)

47
48
49
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 47

def self.valid_for_authorization?(url, client_url)
  valid?(url) && client_url.split.any? { |other_url| matches?(url, other_url) }
end

.valid_scheme?(uri) ⇒ Boolean

Returns:

  • (Boolean)

63
64
65
66
67
# File 'lib/doorkeeper/oauth/helpers/uri_checker.rb', line 63

def self.valid_scheme?(uri)
  return false if uri.scheme.nil?

  %w[localhost].include?(uri.scheme) == false
end