Allow customer URL schemas for OAuth callback URLs

Fixes #1019

app/models/client_application.rb

@@ -10,7 +10,8 @@ class ClientApplication < ActiveRecord::Base
   validates :key, :presence => true, :uniqueness => true
   validates :name, :url, :secret, :presence => true
   validates :url, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
-  validates :support_url, :callback_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+  validates :support_url, :allow_blank => true, :format => %r{\Ahttp(s?)://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
+  validates :callback_url, :allow_blank => true, :format => %r{\A[a-z][a-z0-9.+-]*://(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(/|/([\w#!:.?+=&%@!\-/]))?}i
 
   before_validation :generate_keys, :on => :create
 

test/fixtures/client_applications.yml

@@ -20,6 +20,7 @@ oauth_web_app:
 oauth_desktop_app:
   name: Some OAuth Desktop App
   created_at: "2009-04-21 00:00:00"
+  url: http://some.desktop.app.org/
   support_url: http://some.desktop.app.org/support
   updated_at: "2009-04-21 00:00:00"
   user_id: 2
@@ -35,6 +36,7 @@ oauth_desktop_app:
 normal_user_app:
   name: Some OAuth Desktop App
   created_at: "2009-05-21 00:00:00"
+  url: http://some.desktop.app.org/
   support_url: http://some.desktop.app.org/support
   updated_at: "2009-05-21 00:00:00"
   user_id: 1

test/integration/client_applications_test.rb

@@ -1,6 +1,6 @@
 require "test_helper"
 
-class ClientApplicationTest < ActionDispatch::IntegrationTest
+class ClientApplicationsTest < ActionDispatch::IntegrationTest
   fixtures :users, :client_applications
 
   ##

test/models/client_application_test.rb

@@ -0,0 +1,56 @@
+require "test_helper"
+
+class ClientApplicationTest < ActiveSupport::TestCase
+  fixtures :client_applications
+
+  def test_url_valid
+    ok = ["http://example.com/test", "https://example.com/test"]
+    bad = ["", "ftp://example.com/test", "myapp://somewhere"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app).dup
+      app.url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+
+  def test_support_url_valid
+    ok = ["", "http://example.com/test", "https://example.com/test"]
+    bad = ["ftp://example.com/test", "myapp://somewhere", "gibberish"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app)
+      app.support_url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.support_url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+
+  def test_callback_url_valid
+    ok = ["", "http://example.com/test", "https://example.com/test", "ftp://example.com/test", "myapp://somewhere"]
+    bad = ["gibberish"]
+
+    ok.each do |url|
+      app = client_applications(:normal_user_app)
+      app.callback_url = url
+      assert app.valid?, "#{url} is invalid, when it should be"
+    end
+
+    bad.each do |url|
+      app = client_applications(:normal_user_app)
+      app.callback_url = url
+      assert !app.valid?, "#{url} is valid when it shouldn't be"
+    end
+  end
+end