Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ULP-3649][ULP-3712] Fix: URL fragments in SAML Sign in URLs #171

Merged
merged 3 commits into from
Jun 29, 2022
Merged

[ULP-3649][ULP-3712] Fix: URL fragments in SAML Sign in URLs #171

merged 3 commits into from
Jun 29, 2022

Conversation

ganeshrajsekar
Copy link
Contributor

@ganeshrajsekar ganeshrajsekar commented Jun 28, 2022
edited by albertburchi-okta
Loading

Description

Purpose: This PR solves an existing bug in SAML request URL construction during sign in. If the URL contains any fragments, the fragments are not always appended at the end of the URL after all the query params.

Eg: When parsing https://example.com/#Test.

The PR solves the problem by stripping fragments and query from URL and then appending them in the correct order after parsing stage.

References

ESD Ticket: https://auth0team.atlassian.net/browse/ESD-19892 for more context

Testing

Added Unit tests for this fix covering typical URL examples with/without fragments & with/without query params

  • This change adds test coverage for new/changed/fixed functionality

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs -> Not Applicable for this change
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not master

sebadoom
sebadoom requested changes Jun 28, 2022
View reviewed changes
Copy link

@sebadoom sebadoom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some changes required. I would stick to common URL patterns, rather than weird combinations. That is, it is fine to include some weird cases, but the base common cases should all be covered.

lib/passport-wsfed-saml2/samlp.js Outdated Show resolved Hide resolved
test/samlp.tests.js Outdated Show resolved Hide resolved
test/samlp.tests.js Outdated Show resolved Hide resolved
test/samlp.tests.js Outdated Show resolved Hide resolved
sebadoom
sebadoom approved these changes Jun 28, 2022
View reviewed changes
Copy link

@sebadoom sebadoom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Please remove the templates from the PR description.

@sebadoom sebadoom changed the title [ULP-3649] Fix: URL fragments in SAML Sign in URLs [ULP-3649][ULP-3705] Fix: URL fragments in SAML Sign in URLs Jun 28, 2022
@sebadoom sebadoom changed the title [ULP-3649][ULP-3705] Fix: URL fragments in SAML Sign in URLs [ULP-3649][ULP-3712] Fix: URL fragments in SAML Sign in URLs Jun 28, 2022
@ganeshrajsekar ganeshrajsekar marked this pull request as ready for review June 29, 2022 14:40
@sebadoom sebadoom merged commit f0b7687 into auth0:master Jun 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sebadoom sebadoom sebadoom approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ganeshrajsekar @sebadoom