ezidam, openid: check scopes, check response types before getting app

2023-03-16 00:05:54 +01:00 · 2023-03-16 00:05:54 +01:00 · 8ae0c59a25
commit 8ae0c59a25
parent 396856eee5
7 changed files with 98 additions and 3 deletions
--- a/crates/openid/src/scopes.rs
+++ b/crates/openid/src/scopes.rs
@ -1,5 +1,6 @@
 use itertools::Itertools;
 use openidconnect::Scope;
+use std::collections::HashSet;

 pub struct SupportedScopes(pub Vec<Scope>);

@ -7,6 +8,16 @@ impl SupportedScopes {
    pub fn url_format() -> String {
        Self::default().0.iter().map(|s| s.as_str()).join(" ")
    }
+    pub fn check_supported_scopes(scopes: &str) -> bool {
+        if scopes.is_empty() {
+            return false;
+        }
+
+        let list = Self::default();
+        let scope_set: &HashSet<_> = &list.0.iter().map(|s| s.as_str()).collect();
+        let requested_scopes: HashSet<_> = scopes.split_whitespace().collect();
+        requested_scopes.is_subset(scope_set)
+    }
 }

 impl Default for SupportedScopes {
@ -18,3 +29,25 @@ impl Default for SupportedScopes {
        ])
    }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::SupportedScopes;
+
+    #[test]
+    fn check_valid() {
+        assert!(SupportedScopes::check_supported_scopes("openid"));
+        assert!(SupportedScopes::check_supported_scopes("profile email"));
+        assert!(SupportedScopes::check_supported_scopes("email openid"));
+    }
+
+    #[test]
+    fn check_invalid() {
+        assert!(!SupportedScopes::check_supported_scopes(""));
+        assert!(!SupportedScopes::check_supported_scopes("openid abc"));
+        assert!(!SupportedScopes::check_supported_scopes("test"));
+        assert!(!SupportedScopes::check_supported_scopes(
+            "email testing wrong profile"
+        ));
+    }
+}