Class: UDAPSecurityTestKit::UDAPClientAppLaunchAuthorizationRequestVerification

Inherits:
Inferno::Test
  • Object
Includes:
URLs
Defined in:
lib/udap_security_test_kit/client_suite/authorization_request_verification_test.rb

Instance Method Summary

Methods included from URLs

#client_authorization_url, #client_base_url, #client_fhir_base_url, #client_introspection_url, #client_registration_url, #client_resume_fail_url, #client_resume_pass_url, #client_token_url, #client_udap_discovery_url

Instance Method Details

#check_request_params(params, request_num) ⇒ Object

rubocop:disable Metrics/CyclomaticComplexity



# File 'lib/udap_security_test_kit/client_suite/authorization_request_verification_test.rb', line 52

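# Checks the parameters of one authorization request against the values the
# client registered, recording each finding through add_message.
#
# Findings recorded:
# - error when `response_type` is not 'code'
# - error when `client_id` differs from the expected client_id
# - error when `redirect_uri` is present but is not exactly one of the
#   registered redirect URIs, or is absent while the registration does not
#   list exactly one redirect URI
# - warning when `state` is blank
#
# @param params [Hash] request parameters, looked up by string key
# @param request_num [Object] label interpolated into each message to
#   identify the request
# @return [nil]
def check_request_params(params, request_num) # rubocop:disable Metrics/CyclomaticComplexity
  if params['response_type'] != 'code'
    add_message('error',
                "Authorization request #{request_num} had an incorrect `response_type`: expected 'code', " \
                "but got '#{params['response_type']}'")
  end
  if params['client_id'] != client_id
    add_message('error',
                "Authorization request #{request_num} had an incorrect `client_id`: expected #{client_id}, " \
                "but got '#{params['client_id']}'")
  end

  # The third argument (false) disables signature verification, so the claims
  # read here are only as trustworthy as the stored registration JWT itself.
  # NOTE(review): presumably the software statement was validated when the
  # client registered; confirm before relying on these claims elsewhere.
  registration_body, _registration_header = JWT.decode(udap_registration_jwt, nil, false)

  # Normalise the claim to an Array so the membership test below is always an
  # exact element match. On a String-valued claim, String#include? would accept
  # any substring of the registered URI and String has no #join, so building the
  # error message would raise instead of reporting. Array() turns nil into [].
  registered_redirect_uris = Array(registration_body['redirect_uris'])

  if params['redirect_uri'].present?
    # must be a registered redirect_uri
    unless registered_redirect_uris.include?(params['redirect_uri'])
      add_message('error',
                  "Authorization request #{request_num} had an invalid `redirect_uri`: expected one of " \
                  "'#{registered_redirect_uris.join(', ')}', but got '#{params['redirect_uri']}'")
    end
  else
    # can only be one registered redirect_uri
    unless registered_redirect_uris.length == 1
      add_message('error',
                  "Authorization request #{request_num} had an invalid `redirect_uri`: expected one of " \
                  "'#{registered_redirect_uris.join(', ')}', but got none")
    end
  end

  if params['state'].blank?
    add_message('warning',
                "Authorization request #{request_num} is missing the recommended `state` element")
  end

  nil
end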

#client_suite_id ⇒ Object



# File 'lib/udap_security_test_kit/client_suite/authorization_request_verification_test.rb', line 32

# Returns the suite id to use: the `:endpoint_suite_id` option from `config`
# when it is present, otherwise the id of
# UDAPSecurityTestKit::UDAPSecurityClientTestSuite.
#
# @return [Object] the configured or default suite id
def client_suite_id
  configured_suite_id = config.options[:endpoint_suite_id]

  if configured_suite_id.present?
    configured_suite_id
  else
    UDAPSecurityTestKit::UDAPSecurityClientTestSuite.id
  end
end