Merge pull request #1677 from UnidyID/main

Fix URIHelper.valid_for_authorization? breaking for non url URIs
doorkeeper-gem · Nov 23, 2023 · 59162b0 · 59162b0
2 parents 9fc81d5 + 9e16f3c
commit 59162b0
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/doorkeeper/oauth/helpers/uri_checker.rb b/lib/doorkeeper/oauth/helpers/uri_checker.rb
@@ -40,7 +40,7 @@ def self.matches?(url, client_url)
 
         def self.loopback_uri?(uri)
           IPAddr.new(uri.host).loopback?
-        rescue IPAddr::Error
+        rescue IPAddr::Error, IPAddr::InvalidAddressError
           false
         end
 

diff --git a/spec/lib/oauth/helpers/uri_checker_spec.rb b/spec/lib/oauth/helpers/uri_checker_spec.rb
@@ -257,4 +257,18 @@
       expect(described_class).not_to be_query_matches("foo=bar&bing=bang", "foo=bar&bing=banana")
     end
   end
+
+  describe ".loopback_uri?" do
+    it "is true if loopback IP" do
+      expect(described_class).to be_loopback_uri(URI.parse("http://127.0.0.1"))
+    end
+
+    it 'is false if not loopback IP' do
+      expect(described_class).not_to be_loopback_uri(URI.parse("http://example.com"))
+    end
+
+    it 'is false for non URL' do
+      expect(described_class).not_to be_loopback_uri(URI.parse("vscode://file/home/user/.vimrc"))
+    end
+  end
 end