Change check for logout vs authorize

auth0 · Oct 27, 2023 · 4298b00 · 4298b00
1 parent ff6e143
commit 4298b00
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 1 deletion.
diff --git a/src/Auth0.OidcClient.MAUI.Platforms.Windows/WebAuthenticator.cs b/src/Auth0.OidcClient.MAUI.Platforms.Windows/WebAuthenticator.cs
@@ -87,7 +87,7 @@ private void CurrentAppInstance_Activated(object? sender, IAppActivationArgument
                 cancellationToken.ThrowIfCancellationRequested();
             }
 
-            var newUri = authorizeUri.ToString().IndexOf("logout", StringComparison.CurrentCultureIgnoreCase) > -1 ? StateModifier.MoveStateToReturnTo(authorizeUri) : authorizeUri;
+            var newUri = authorizeUri.AbsolutePath == "/v2/logout" ? StateModifier.MoveStateToReturnTo(authorizeUri) : authorizeUri;
 
             _helpers.OpenBrowser(newUri);
 

diff --git a/test/Auth0.OidcClient.MAUI.Platforms.Windows.UnitTests/WebAuthenticatorTests.cs b/test/Auth0.OidcClient.MAUI.Platforms.Windows.UnitTests/WebAuthenticatorTests.cs
@@ -111,6 +111,56 @@ public void Should_Open_Browser_With_State()
         mockHelpers.Verify(d => d.OpenBrowser(It.Is<Uri>(uri => HasStateParam(uri, "appInstanceKey") && HasStateParam(uri, "taskId") )));
     }
 
+    [Fact]
+    public void Should_Open_Browser_With_State_When_Logout_In_Domain_Name()
+    {
+        var mockAppInstance = new Mock<IAppInstanceProxy>();
+        var mockHelpers = new Mock<IHelpers>();
+        var mockTasksManager = new Mock<ITasksManager>();
+        var mockActivator = new Mock<IActivator>();
+
+        mockActivator.SetupGet(h => h.RedirectActivationChecked).Returns(true);
+        mockHelpers.SetupGet(h => h.IsAppPackaged).Returns(true);
+        mockHelpers.Setup(h => h.IsUriProtocolDeclared("myapp")).Returns(true);
+        mockHelpers.Setup(h => h.OpenBrowser(It.IsAny<Uri>()));
+        mockAppInstance.Setup(a => a.GetCurrentAppKey()).Returns("test");
+
+        var webAuthenticator = new WebAuthenticator(mockAppInstance.Object, mockHelpers.Object, mockTasksManager.Object, mockActivator.Object);
+
+        // Do no await so we can leave the method again
+#pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
+        webAuthenticator.AuthenticateAsync(new Uri("http://www.logout.com"), new Uri("myapp://callback"));
+#pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
+
+
+        mockHelpers.Verify(d => d.OpenBrowser(It.Is<Uri>(uri => HasStateParam(uri, "appInstanceKey") && HasStateParam(uri, "taskId"))));
+    }
+
+    [Fact]
+    public void Should_Open_Browser_With_State_On_Logout()
+    {
+        var mockAppInstance = new Mock<IAppInstanceProxy>();
+        var mockHelpers = new Mock<IHelpers>();
+        var mockTasksManager = new Mock<ITasksManager>();
+        var mockActivator = new Mock<IActivator>();
+
+        mockActivator.SetupGet(h => h.RedirectActivationChecked).Returns(true);
+        mockHelpers.SetupGet(h => h.IsAppPackaged).Returns(true);
+        mockHelpers.Setup(h => h.IsUriProtocolDeclared("myapp")).Returns(true);
+        mockHelpers.Setup(h => h.OpenBrowser(It.IsAny<Uri>()));
+        mockAppInstance.Setup(a => a.GetCurrentAppKey()).Returns("test");
+
+        var webAuthenticator = new WebAuthenticator(mockAppInstance.Object, mockHelpers.Object, mockTasksManager.Object, mockActivator.Object);
+
+        // Do no await so we can leave the method again
+#pragma warning disable CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
+        webAuthenticator.AuthenticateAsync(new Uri("http://www.idp.com/v2/logout?returnTo=myapp://callback"), new Uri("myapp://callback"));
+#pragma warning restore CS4014 // Because this call is not awaited, execution of the current method continues before the call is completed
+
+
+        mockHelpers.Verify(d => d.OpenBrowser(It.Is<Uri>(uri => HasStateParamOnReturnTo(uri, "appInstanceKey") && HasStateParamOnReturnTo(uri, "taskId"))));
+    }
+
     [Fact]
     public async void Should_return_WebAuthenticatorResult_With_Original_State()
     {
@@ -233,6 +283,18 @@ public void Should_Resume_On_Activated()
         mockTasksManager.Verify(d => d.ResumeTask(It.IsAny<Uri>(), "def"));
     }
 
+    private bool HasStateParamOnReturnTo(Uri uri, string paramName)
+    {
+        var query = System.Web.HttpUtility.ParseQueryString(uri.Query);
+
+        // The original returnTo as configured externally
+        var returnTo = query["returnTo"];
+
+        var returnToUri = new Uri(returnTo ?? string.Empty);
+        return HasStateParam(returnToUri, paramName);
+
+    }
+
     private bool HasStateParam(Uri uri, string paramName)
     {
         var query = System.Web.HttpUtility.ParseQueryString(uri.Query);