Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add optional PKCE challenge in email verification #7037

Merged
merged 1 commit into from Mar 13, 2024
Merged

Add optional PKCE challenge in email verification #7037

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion edb/server/protocol/auth_ext/http.py
View file
Open in desktop
Expand Up @@ -667,7 +667,7 @@ async def handle_resend_verification_email(
)
elif "email" in data:
email = data["email"]
maybe_challenge = None
maybe_challenge = data.get("challenge", data.get("code_challenge"))
maybe_redirect_to = data.get("redirect_to")
if maybe_redirect_to and not self._is_url_allowed(
maybe_redirect_to
Expand Down
36 changes: 35 additions & 1 deletion tests/test_http_ext_auth.py
View file
Open in desktop
Expand Up @@ -2900,7 +2900,7 @@ async def test_http_auth_ext_local_password_authenticate_01(self):
auth_data_redirect_on_failure["redirect_on_failure"],
)

async def test_http_auth_ext_resend_verification_email_with_token(self):
async def test_http_auth_ext_resend_verification_email(self):
with self.http_con() as http_con:
# Register a new user
provider_config = await self.get_builtin_provider_config_by_name(
Expand Down Expand Up @@ -2986,6 +2986,40 @@ async def test_http_auth_ext_resend_verification_email_with_token(self):

self.assertEqual(status, 200)

# Resend verification email with email and challenge
resend_data = {
"provider": form_data["provider"],
"email": email,
"challenge": form_data["challenge"],
}
resend_data_encoded = urllib.parse.urlencode(resend_data).encode()
_, _, status = self.http_con_request(
http_con,
None,
path="resend-verification-email",
method="POST",
body=resend_data_encoded,
headers={"Content-Type": "application/x-www-form-urlencoded"},
)
self.assertEqual(status, 200)

# Resend verification email with email and code_challenge
resend_data = {
"provider": form_data["provider"],
"email": email,
"code_challenge": form_data["challenge"],
}
resend_data_encoded = urllib.parse.urlencode(resend_data).encode()
_, _, status = self.http_con_request(
http_con,
None,
path="resend-verification-email",
method="POST",
body=resend_data_encoded,
headers={"Content-Type": "application/x-www-form-urlencoded"},
)
self.assertEqual(status, 200)

# Resend verification email with no email or token
resend_data = {
"provider": form_data["provider"],
Expand Down