refactor: use invalid_redirect_uri over redirect_uri_mismatch error

BREAKING CHANGE: RedirectUriMismatch error was removed. BREAKING CHANGE: `redirect_uri_mismatch` error codes are now `invalid_redirect_uri`.
panva · Oct 30, 2019 · 2565cce · 2565cce
1 parent 56b62cc
commit 2565cce
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 18 deletions.
diff --git a/lib/actions/authorization/check_redirect_uri.js b/lib/actions/authorization/check_redirect_uri.js
@@ -1,13 +1,13 @@
-const { RedirectUriMismatch } = require('../../helpers/errors');
+const { InvalidRedirectUri } = require('../../helpers/errors');
 
 /*
  * Checks that provided redirect_uri is whitelisted by the client configuration
  *
- * @throws: redirect_uri_mismatch
+ * @throws: invalid_redirect_uri
  */
 module.exports = function checkRedirectUri(ctx, next) {
   if (!ctx.oidc.client.redirectUriAllowed(ctx.oidc.params.redirect_uri)) {
-    throw new RedirectUriMismatch();
+    throw new InvalidRedirectUri();
   } else {
     ctx.oidc.redirectUriCheckPerformed = true;
   }

diff --git a/lib/helpers/errors.js b/lib/helpers/errors.js
@@ -77,12 +77,12 @@ const classes = [
   ['interaction_required'],
   ['invalid_client'],
   ['invalid_dpop_proof'],
+  ['invalid_redirect_uri', 'redirect_uri did not match any of the client\'s registered redirect_uris'],
   ['invalid_request_object'],
   ['invalid_request_uri'],
   ['invalid_software_statement'],
   ['invalid_target'],
   ['login_required'],
-  ['redirect_uri_mismatch', 'redirect_uri did not match any of the client\'s registered redirect_uris'],
   ['registration_not_supported', 'registration parameter provided but not supported'],
   ['request_not_supported', 'request parameter provided but not supported'],
   ['request_uri_not_supported', 'request_uri parameter provided but not supported'],

diff --git a/lib/shared/authorization_error_handler.js b/lib/shared/authorization_error_handler.js
@@ -1,6 +1,6 @@
 const Debug = require('debug');
 
-const { RedirectUriMismatch, WebMessageUriMismatch } = require('../helpers/errors');
+const { InvalidRedirectUri, WebMessageUriMismatch } = require('../helpers/errors');
 const instance = require('../helpers/weak_cache');
 const errOut = require('../helpers/err_out');
 const processSessionState = require('../helpers/process_session_state');
@@ -10,12 +10,12 @@ const oneRedirectUriClients = require('../actions/authorization/one_redirect_uri
 const debug = new Debug('oidc-provider:authentication:error');
 const serverError = new Debug('oidc-provider:server_error');
 const serverErrorTrace = new Debug('oidc-provider:server_error:trace');
-const rendered = new Set(['redirect_uri_mismatch', 'web_message_uri_mismatch']);
+const rendered = new Set(['invalid_redirect_uri', 'web_message_uri_mismatch']);
 
 module.exports = (provider) => {
   const AD_ACTA_CHECKS = Object.entries({
     redirect_uri: {
-      Err: RedirectUriMismatch,
+      Err: InvalidRedirectUri,
       method: 'redirectUriAllowed',
       check: 'redirectUriCheckPerformed',
       recovery: oneRedirectUriClients,

diff --git a/test/core/basic/code.authorization.test.js b/test/core/basic/code.authorization.test.js
@@ -8,7 +8,7 @@ const epochTime = require('../../../lib/helpers/epoch_time');
 const {
   InvalidRequest,
   InvalidClient,
-  RedirectUriMismatch,
+  InvalidRedirectUri,
 } = require('../../../lib/helpers/errors');
 
 const route = '/auth';
@@ -723,13 +723,13 @@ describe('BASIC code', () => {
             })
             .expect(() => {
               expect(spy.firstCall.calledWithMatch({}, { message: 'invalid_request' })).to.be.true;
-              expect(spy.secondCall.calledWithMatch({}, { message: 'redirect_uri_mismatch' })).to.be.true;
+              expect(spy.secondCall.calledWithMatch({}, { message: 'invalid_redirect_uri' })).to.be.true;
             })
             .expect(() => {
               expect(renderSpy.calledOnce).to.be.true;
               const renderArgs = renderSpy.args[0];
-              expect(renderArgs[1]).to.have.property('error', 'redirect_uri_mismatch');
-              expect(renderArgs[2]).to.be.an.instanceof(RedirectUriMismatch);
+              expect(renderArgs[1]).to.have.property('error', 'invalid_redirect_uri');
+              expect(renderArgs[2]).to.be.an.instanceof(InvalidRedirectUri);
             });
         });
 
@@ -761,13 +761,13 @@ describe('BASIC code', () => {
             })
             .expect(() => {
               expect(serverErrorSpy.calledWithMatch({}, { message: 'foobar' })).to.be.true;
-              expect(authErrorSpy.calledWithMatch({}, { message: 'redirect_uri_mismatch' })).to.be.true;
+              expect(authErrorSpy.calledWithMatch({}, { message: 'invalid_redirect_uri' })).to.be.true;
             })
             .expect(() => {
               expect(renderSpy.calledOnce).to.be.true;
               const renderArgs = renderSpy.args[0];
-              expect(renderArgs[1]).to.have.property('error', 'redirect_uri_mismatch');
-              expect(renderArgs[2]).to.be.an.instanceof(RedirectUriMismatch);
+              expect(renderArgs[1]).to.have.property('error', 'invalid_redirect_uri');
+              expect(renderArgs[2]).to.be.an.instanceof(InvalidRedirectUri);
             });
         });
       });
@@ -917,9 +917,9 @@ describe('BASIC code', () => {
             expect(emitSpy.calledOnce).to.be.true;
             expect(renderSpy.calledOnce).to.be.true;
             const renderArgs = renderSpy.args[0];
-            expect(renderArgs[1]).to.have.property('error', 'redirect_uri_mismatch');
+            expect(renderArgs[1]).to.have.property('error', 'invalid_redirect_uri');
             expect(renderArgs[1]).to.have.property('error_description', 'redirect_uri did not match any of the client\'s registered redirect_uris');
-            expect(renderArgs[2]).to.be.an.instanceof(RedirectUriMismatch);
+            expect(renderArgs[2]).to.be.an.instanceof(InvalidRedirectUri);
           });
       });
 

diff --git a/test/pushed_authorization_requests/pushed_authorization_requests.test.js b/test/pushed_authorization_requests/pushed_authorization_requests.test.js
@@ -396,7 +396,7 @@ describe('Pushed Request Object', () => {
               })
               .expect(400)
               .expect({
-                error: 'redirect_uri_mismatch',
+                error: 'invalid_redirect_uri',
                 error_description: "redirect_uri did not match any of the client's registered redirect_uris",
               });
           });

diff --git a/types/index.d.ts b/types/index.d.ts
@@ -1555,7 +1555,7 @@ export namespace errors {
   class LoginRequired extends OIDCProviderError {
     constructor(description?: string, detail?: string);
   }
-  class RedirectUriMismatch extends OIDCProviderError {
+  class InvalidRedirectUri extends OIDCProviderError {
     constructor(description?: string, detail?: string);
   }
   class RegistrationNotSupported extends OIDCProviderError {