Unverified Commit a80806ca authored by cmrd Senya's avatar cmrd Senya Committed by Dennis Schubert

Fix ID token issuer field to match discovery data

OpenID Connect spec says:

"The issuer returned by discovery MUST exactly match the value of iss in the ID Token."

https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier

closes #7081
parent b7791e6c
......@@ -110,3 +110,6 @@ module Diaspora
end
end
end
Rails.application.routes.default_url_options[:host] = AppConfig.pod_uri.host
Rails.application.routes.default_url_options[:port] = AppConfig.pod_uri.port
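Review bot: The two `default_url_options` assignments set `:host` and `:port` from `AppConfig.pod_uri` but not `:protocol`, so URLs built outside a request — including the `url_helpers.root_url` that the `claims` hunk now uses for `iss` — fall back to Rails' default scheme (`http://` unless `force_ssl` is enabled), while the discovery response is presumably generated from the live request's scheme. On an HTTPS pod without `force_ssl` this can yield an issuer like `http://host:443/`, since Rails only omits the port when it is the default for the chosen protocol, and the ID token would again disagree with discovery. Adding `Rails.application.routes.default_url_options[:protocol] = AppConfig.pod_uri.scheme` next to the two new lines pins all three components to the configured pod URI. The enclosing `module Diaspora` block starts before the hunk; the three context `end` lines suggest these assignments sit at file top level after it.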
......@@ -51,7 +51,7 @@ module Api
def claims
sub = build_sub
@claims ||= {
iss: AppConfig.environment.url,
iss: Rails.application.routes.url_helpers.root_url,
sub: sub,
aud: @authorization.o_auth_application.client_id,
exp: @expires_at.to_i,
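Review bot: The new `iss:` line depends on `Rails.application.routes.default_url_options` having been populated with the pod's host and port, because `url_helpers.root_url` has no request to draw on from inside this model, and nothing at the call site records that contract; someone debugging a wrong issuer would not know to look in the initializer. A comment above the key would make the coupling explicit: `# iss must byte-match the issuer in the discovery document (OIDC Core, IssuerIdentifier); root_url builds from default_url_options, which the initializer fills from AppConfig.pod_uri`. The `claims` method continues past the hunk, so the rest of the memoized hash is not visible here.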
require "spec_helper"
describe Api::OpenidConnect::IdToken, type: :model do
describe "#to_jwt" do
let(:auth) { FactoryGirl.create(:auth_with_read) }
let(:id_token) { Api::OpenidConnect::IdToken.new(auth, "nonce") }
describe "decoded data" do
let(:decoded_hash) {
JSON::JWT.decode(id_token.to_jwt, Api::OpenidConnect::IdTokenConfig::PRIVATE_KEY)
}
let(:discovery_controller) {
Api::OpenidConnect::DiscoveryController.new.tap {|controller|
controller.request = ActionController::TestRequest.new
controller.request.host = AppConfig.pod_uri.authority
controller.response = ActionController::TestResponse.new
}
}
let(:openid_webfinger) {
JSON.parse(discovery_controller.webfinger[0])
}
it "issuer value must much the one we provided in OpenID discovery routine" do
expect(decoded_hash["iss"]).to eq(openid_webfinger["links"][0]["href"])
end
end
end
end
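Review bot: The spec checks `iss` only against the webfinger link `href` chosen by position (`["links"][0]`), whereas the requirement the commit message quotes concerns the issuer returned by discovery; the `issuer` field of the openid-configuration response is never compared, so the two discovery outputs could drift apart and this test would still pass. Consider a second expectation that parses the response of the controller action serving `/.well-known/openid-configuration` (action name to be confirmed against `DiscoveryController`) and compares its `"issuer"` to `decoded_hash["iss"]`, and select the webfinger link by its `rel` rather than by index so a reordering does not break the example. Since the test request sets only `host` on the discovery controller, scheme and port differences between request-derived and `default_url_options`-derived URLs are not exercised here, so a production mismatch would go undetected. The example description also has a typo: `it "issuer value must match the one we provided in OpenID discovery routine"`.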
......@@ -24,8 +24,6 @@ end
ProcessedImage.enable_processing = false
UnprocessedImage.enable_processing = false
Rails.application.routes.default_url_options[:host] = AppConfig.pod_uri.host
Rails.application.routes.default_url_options[:port] = AppConfig.pod_uri.port
def alice
@alice ||= User.find_by(username: "alice")