Contents

require 'uri'

class RedirectUriValidator < ActiveModel::EachValidator
  def self.native_redirect_uri
    Doorkeeper.configuration.native_redirect_uri
  end

  def validate_each(record, attribute, value)
    if value.blank?
      record.errors.add(attribute, :blank)
    else
      value.split.each do |val|
        uri = ::URI.parse(val)
        return if native_redirect_uri?(uri)
        record.errors.add(attribute, :fragment_present) unless uri.fragment.nil?
        record.errors.add(attribute, :relative_uri) if uri.scheme.nil? || uri.host.nil?
        record.errors.add(attribute, :secured_uri) if invalid_ssl_uri?(uri)
      end
    end
  rescue URI::InvalidURIError
    record.errors.add(attribute, :invalid_uri)
  end

  private

  def native_redirect_uri?(uri)
    self.class.native_redirect_uri.present? && uri.to_s == self.class.native_redirect_uri.to_s
  end

  def invalid_ssl_uri?(uri)
    forces_ssl = Doorkeeper.configuration.force_ssl_in_redirect_uri
    forces_ssl && uri.try(:scheme) == 'http'
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version	Path
doorkeeper-4.2.6	app/validators/redirect_uri_validator.rb
doorkeeper-4.2.5	app/validators/redirect_uri_validator.rb
doorkeeper-4.2.0	app/validators/redirect_uri_validator.rb
doorkeeper-4.1.0	app/validators/redirect_uri_validator.rb
doorkeeper-4.0.0	app/validators/redirect_uri_validator.rb
doorkeeper-4.0.0.rc4	app/validators/redirect_uri_validator.rb
doorkeeper-4.0.0.rc3	app/validators/redirect_uri_validator.rb
doorkeeper-4.0.0.rc2	app/validators/redirect_uri_validator.rb
doorkeeper-4.0.0.rc1	app/validators/redirect_uri_validator.rb
doorkeeper-3.1.0	app/validators/redirect_uri_validator.rb
doorkeeper-3.0.1	app/validators/redirect_uri_validator.rb
doorkeeper-3.0.0	app/validators/redirect_uri_validator.rb
doorkeeper-3.0.0.rc2	app/validators/redirect_uri_validator.rb