fix: return empty slice if requested_scope or audience is null (#3711)

ory · Feb 12, 2024 · 65165e7 · 65165e7
1 parent 33950db
commit 65165e7
Show file tree

Hide file tree

Showing 13 changed files with 542 additions and 6 deletions.
diff --git a/consent/handler.go b/consent/handler.go
@@ -364,6 +364,14 @@ func (h *Handler) getOAuth2LoginRequest(w http.ResponseWriter, r *http.Request,
 		return
 	}
 
+	if request.RequestedScope == nil {
+		request.RequestedScope = []string{}
+	}
+
+	if request.RequestedAudience == nil {
+		request.RequestedAudience = []string{}
+	}
+
 	request.Client = sanitizeClient(request.Client)
 	h.r.Writer().Write(w, r, request)
 }

diff --git a/flow/.snapshots/TestAcceptOAuth2ConsentRequestSession_MarshalJSON.json b/flow/.snapshots/TestAcceptOAuth2ConsentRequestSession_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"access_token\":{},\"id_token\":{}}"
diff --git a/flow/.snapshots/TestAcceptOAuth2ConsentRequest_MarshalJSON.json b/flow/.snapshots/TestAcceptOAuth2ConsentRequest_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"grant_scope\":[],\"grant_access_token_audience\":[],\"session\":null,\"remember\":false,\"remember_for\":0,\"handled_at\":null,\"context\":{}}"
diff --git a/flow/.snapshots/TestHandledLoginRequest_MarshalJSON.json b/flow/.snapshots/TestHandledLoginRequest_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"remember\":false,\"remember_for\":0,\"extend_session_lifespan\":false,\"acr\":\"\",\"amr\":[],\"subject\":\"\",\"force_subject_identifier\":\"\",\"context\":{}}"
diff --git a/flow/.snapshots/TestLoginRequest_MarshalJSON.json b/flow/.snapshots/TestLoginRequest_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"challenge\":\"\",\"requested_scope\":[],\"requested_access_token_audience\":[],\"skip\":false,\"subject\":\"\",\"oidc_context\":null,\"client\":null,\"request_url\":\"\",\"session_id\":\"\"}"
diff --git a/flow/.snapshots/TestLogoutRequest_MarshalJSON.json b/flow/.snapshots/TestLogoutRequest_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"challenge\":\"\",\"subject\":\"\",\"request_url\":\"\",\"rp_initiated\":false,\"client\":null}"
diff --git a/flow/.snapshots/TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON.json
@@ -0,0 +1 @@
+"{}"
diff --git a/flow/.snapshots/TestOAuth2ConsentRequest_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentRequest_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"challenge\":\"\",\"requested_scope\":[],\"requested_access_token_audience\":[],\"skip\":false,\"subject\":\"\",\"oidc_context\":null,\"client\":null,\"request_url\":\"\",\"login_challenge\":\"\",\"login_session_id\":\"\",\"acr\":\"\",\"amr\":[]}"
diff --git a/flow/.snapshots/TestOAuth2ConsentSession_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentSession_MarshalJSON.json
@@ -0,0 +1 @@
+"{\"grant_scope\":[],\"grant_access_token_audience\":[],\"session\":null,\"remember\":false,\"remember_for\":0,\"handled_at\":null,\"context\":{},\"consent_request\":null}"
diff --git a/flow/consent_types.go b/flow/consent_types.go
@@ -188,6 +188,25 @@ type AcceptOAuth2ConsentRequest struct {
 	SessionAccessToken sqlxx.MapStringInterface `json:"-" faker:"-"`
 }
 
+func (r *AcceptOAuth2ConsentRequest) MarshalJSON() ([]byte, error) {
+	type Alias AcceptOAuth2ConsentRequest
+	alias := Alias(*r)
+
+	if alias.Context == nil {
+		alias.Context = []byte("{}")
+	}
+
+	if alias.GrantedScope == nil {
+		alias.GrantedScope = []string{}
+	}
+
+	if alias.GrantedAudience == nil {
+		alias.GrantedAudience = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 func (r *AcceptOAuth2ConsentRequest) HasError() bool {
 	return r.Error.IsError()
 }
@@ -263,6 +282,25 @@ type OAuth2ConsentSession struct {
 	SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" json:"-"`
 }
 
+func (r *OAuth2ConsentSession) MarshalJSON() ([]byte, error) {
+	type Alias OAuth2ConsentSession
+	alias := Alias(*r)
+
+	if alias.Context == nil {
+		alias.Context = []byte("{}")
+	}
+
+	if alias.GrantedScope == nil {
+		alias.GrantedScope = []string{}
+	}
+
+	if alias.GrantedAudience == nil {
+		alias.GrantedAudience = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 // HandledLoginRequest is the request payload used to accept a login request.
 //
 // swagger:model acceptOAuth2LoginRequest
@@ -345,6 +383,20 @@ type HandledLoginRequest struct {
 	AuthenticatedAt sqlxx.NullTime      `json:"-"`
 }
 
+func (r *HandledLoginRequest) MarshalJSON() ([]byte, error) {
+	type Alias HandledLoginRequest
+	alias := Alias(*r)
+	if alias.Context == nil {
+		alias.Context = []byte("{}")
+	}
+
+	if alias.AMR == nil {
+		alias.AMR = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 func (r *HandledLoginRequest) HasError() bool {
 	return r.Error.IsError()
 }
@@ -392,6 +444,24 @@ type OAuth2ConsentRequestOpenIDConnectContext struct {
 	LoginHint string `json:"login_hint,omitempty"`
 }
 
+func (n *OAuth2ConsentRequestOpenIDConnectContext) MarshalJSON() ([]byte, error) {
+	type Alias OAuth2ConsentRequestOpenIDConnectContext
+	alias := Alias(*n)
+	if alias.IDTokenHintClaims == nil {
+		alias.IDTokenHintClaims = map[string]interface{}{}
+	}
+
+	if alias.ACRValues == nil {
+		alias.ACRValues = []string{}
+	}
+
+	if alias.UILocales == nil {
+		alias.UILocales = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 func (n *OAuth2ConsentRequestOpenIDConnectContext) Scan(value interface{}) error {
 	v := fmt.Sprintf("%s", value)
 	if len(v) == 0 {
@@ -539,6 +609,20 @@ type LoginRequest struct {
 	RequestedAt     time.Time      `json:"-"`
 }
 
+func (r *LoginRequest) MarshalJSON() ([]byte, error) {
+	type Alias LoginRequest
+	alias := Alias(*r)
+	if alias.RequestedScope == nil {
+		alias.RequestedScope = []string{}
+	}
+
+	if alias.RequestedAudience == nil {
+		alias.RequestedAudience = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 // Contains information on an ongoing consent request.
 //
 // swagger:model oAuth2ConsentRequest
@@ -614,6 +698,24 @@ type OAuth2ConsentRequest struct {
 	RequestedAt            time.Time      `json:"-"`
 }
 
+func (r *OAuth2ConsentRequest) MarshalJSON() ([]byte, error) {
+	type Alias OAuth2ConsentRequest
+	alias := Alias(*r)
+	if alias.RequestedScope == nil {
+		alias.RequestedScope = []string{}
+	}
+
+	if alias.RequestedAudience == nil {
+		alias.RequestedAudience = []string{}
+	}
+
+	if alias.AMR == nil {
+		alias.AMR = []string{}
+	}
+
+	return json.Marshal(alias)
+}
+
 // Pass session data to a consent request.
 //
 // swagger:model acceptOAuth2ConsentRequestSession
@@ -636,3 +738,16 @@ func NewConsentRequestSessionData() *AcceptOAuth2ConsentRequestSession {
 		IDToken:     map[string]interface{}{},
 	}
 }
+
+func (r *AcceptOAuth2ConsentRequestSession) MarshalJSON() ([]byte, error) {
+	type Alias AcceptOAuth2ConsentRequestSession
+	alias := Alias(*r)
+	if alias.AccessToken == nil {
+		alias.AccessToken = map[string]interface{}{}
+	}
+
+	if alias.IDToken == nil {
+		alias.IDToken = map[string]interface{}{}
+	}
+	return json.Marshal(alias)
+}
diff --git a/flow/consent_types_test.go b/flow/consent_types_test.go
@@ -4,9 +4,12 @@
 package flow
 
 import (
+	"encoding/json"
 	"fmt"
 	"testing"
 
+	"github.com/ory/x/snapshotx"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -66,3 +69,51 @@ func TestRequestDeniedError(t *testing.T) {
 	require.NoError(t, err)
 	assert.EqualValues(t, "{}", fmt.Sprintf("%v", v))
 }
+
+func TestAcceptOAuth2ConsentRequest_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(AcceptOAuth2ConsentRequest))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestOAuth2ConsentSession_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(OAuth2ConsentSession))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestHandledLoginRequest_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(HandledLoginRequest))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(OAuth2ConsentRequestOpenIDConnectContext))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestLogoutRequest_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(LogoutRequest))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestLoginRequest_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(LoginRequest))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestOAuth2ConsentRequest_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(OAuth2ConsentRequest))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
+
+func TestAcceptOAuth2ConsentRequestSession_MarshalJSON(t *testing.T) {
+	out, err := json.Marshal(new(AcceptOAuth2ConsentRequestSession))
+	require.NoError(t, err)
+	snapshotx.SnapshotT(t, string(out))
+}
diff --git a/internal/httpclient/go.mod b/internal/httpclient/go.mod
@@ -2,6 +2,11 @@ module github.com/ory/hydra-client-go/v2
 
 go 1.18
 
+require golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
+
 require (
-	golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558
+	github.com/golang/protobuf v1.4.2 // indirect
+	golang.org/x/net v0.0.0-20200822124328-c89045814202 // indirect
+	google.golang.org/appengine v1.6.6 // indirect
+	google.golang.org/protobuf v1.25.0 // indirect
 )