QOAuthHttpServerReplyHandler: fix parsing of parsed URIs

Instead of constructing it via strings, just let QUrl parse it because
it will do so properly. This fixes the incorrect handling of URIs
requested that are a prefix to the URL we want to handle.

Pick-to: 6.7
Change-Id: Ie30a3caf09ef4176bb36fffd17cdb59a516441aa
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>

1 files changed, 111 insertions, 0 deletions

diff --git a/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp b/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
index 6c5d0c6..c3e5798 100644
--- a/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
+++ b/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
@@ -16,11 +16,77 @@ class tst_QOAuthHttpServerReplyHandler : public QObject
     Q_OBJECT
 
 private Q_SLOTS:
+    void callback_data();
     void callback();
+    void callbackWithQuery();
+    void badCallbackUris_data();
+    void badCallbackUris();
 };
 
+void tst_QOAuthHttpServerReplyHandler::callback_data()
+{
+    QTest::addColumn<QString>("callbackPath");
+    QTest::addColumn<QString>("uri");
+    QTest::addColumn<bool>("success");
+
+    QTest::newRow("default") << QString() << QString() << true;
+    QTest::newRow("empty") << "" << QString() << true;
+    QTest::newRow("ascii-path") << "/foobar" << QString() << true;
+    QTest::newRow("utf8-path") << "/áéíóú" << QString() << true;
+    QTest::newRow("questionmark") << "/?" << QString() << true;
+    QTest::newRow("hash") << "/#" << QString() << true;
+
+    QTest::newRow("default-fragment") << QString() << "/#shouldntsee" << true;
+    QTest::newRow("default-query") << QString() << "/?some=query" << true;
+
+    QTest::newRow("default-wrongpath") << QString() << "/foo" << false;
+    QTest::newRow("changed-wrongpath") << "/foo" << "/bar" << false;
+    QTest::newRow("changed-wrongpathprefix") << "/foo" << "/foobar" << false;
+    QTest::newRow("changed-wrongpathprefixpath") << "/foo" << "/foo/bar" << false;
+}
+
 void tst_QOAuthHttpServerReplyHandler::callback()
 {
+    QFETCH(QString, callbackPath);
+    QFETCH(QString, uri);
+    QFETCH(bool, success);
+
+    int count = 0;
+    QOAuthHttpServerReplyHandler replyHandler;
+    QVERIFY(replyHandler.isListening());
+    connect(&replyHandler, &QOAuthHttpServerReplyHandler::callbackReceived, this, [&](
+            const QVariantMap &) {
+        ++count;
+        QTestEventLoop::instance().exitLoop();
+    });
+
+    if (!callbackPath.isNull())
+        replyHandler.setCallbackPath(callbackPath);
+    QUrl callback(replyHandler.callback());
+    QVERIFY(!callback.isEmpty());
+
+    // maybe change the URL
+    callback = callback.resolved(QUrl(uri));
+
+    QNetworkAccessManager networkAccessManager;
+    QNetworkRequest request(callback);
+    QNetworkReplyPtr reply;
+    reply.reset(networkAccessManager.get(request));
+    connect(reply.get(), &QNetworkReply::finished, &QTestEventLoop::instance(),
+            &QTestEventLoop::exitLoop);
+
+    if (!success) {
+        QByteArray httpUri = callback.toEncoded(QUrl::RemoveScheme | QUrl::RemoveAuthority | QUrl::RemoveFragment);
+        QTest::ignoreMessage(QtWarningMsg, "Invalid request: " + httpUri);
+        QTest::ignoreMessage(QtWarningMsg, "Invalid request: " + httpUri);
+    }
+    QTestEventLoop::instance().enterLoop(Timeout);
+    QCOMPARE(count > 0, success);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+}
+
+void tst_QOAuthHttpServerReplyHandler::callbackWithQuery()
+{
     int count = 0;
     QOAuthHttpServerReplyHandler replyHandler;
     QUrlQuery query("callback=test");
@@ -51,5 +117,50 @@ void tst_QOAuthHttpServerReplyHandler::callback()
     QVERIFY(!QTestEventLoop::instance().timeout());
 }
 
+void tst_QOAuthHttpServerReplyHandler::badCallbackUris_data()
+{
+    QTest::addColumn<QString>("uri");
+
+    QTest::newRow("relative-path") << "foobar";
+    QTest::newRow("encoded-slash") << "%2F";
+    QTest::newRow("query") << "?some=query";
+    QTest::newRow("full-url") << "http://localhost/";
+    QTest::newRow("authority") << "//localhost";
+    // requires QUrl fix
+    //QTest::newRow("double-slash") << "//";
+    //QTest::newRow("triple-slash") << "///";
+}
+
+void tst_QOAuthHttpServerReplyHandler::badCallbackUris()
+{
+    QFETCH(QString, uri);
+
+    int count = 0;
+    QOAuthHttpServerReplyHandler replyHandler;
+    QVERIFY(replyHandler.isListening());
+    connect(&replyHandler, &QOAuthHttpServerReplyHandler::callbackReceived, this, [&](
+            const QVariantMap &) {
+        ++count;
+        QTestEventLoop::instance().exitLoop();
+    });
+    QUrl callback(replyHandler.callback());
+    QVERIFY(!callback.isEmpty());
+
+    QTcpSocket socket;
+    socket.connectToHost(QHostAddress::LocalHost, replyHandler.port());
+    socket.write("GET " + uri.toLocal8Bit() + " HTTP/1.0\r\n"
+                 "Host: localhost\r\n"
+                 "\r\n");
+    connect(&socket, &QTcpSocket::disconnected, &QTestEventLoop::instance(),
+            &QTestEventLoop::exitLoop);
+
+    QTest::ignoreMessage(QtWarningMsg, "Invalid request: " + uri.toLocal8Bit());
+    QTest::ignoreMessage(QtWarningMsg, "Invalid URL");
+
+    QTestEventLoop::instance().enterLoop(Timeout);
+    QCOMPARE(count, 0);
+    QVERIFY(!QTestEventLoop::instance().timeout());
+}
+
 QTEST_MAIN(tst_QOAuthHttpServerReplyHandler)
 #include "tst_oauthhttpserverreplyhandler.moc"