test(auth): add regression tests for relative OAuth2 URLs #10805

Open
maruthang wants to merge 2 commits into swagger-api:master from maruthang:fix/issue-10340-relative-oauth2-urls

@maruthang

Description

Add regression tests to prevent the relative OAuth2 URL handling bug from recurring. The bug was introduced in v5.20.0 (commit 80d56c9) and fixed in v5.27.0/v5.30.3, but had no test coverage to prevent regression.

New tests cover:

  • sanitizeUrl with various relative path patterns (./../, ../, ../../, ./, /, with query params)
  • Full OAuth2 authorize flow with dot-relative paths combined with currentServer

Motivation and Context

Ref #10340

The original bug broke relative OAuth2 authorization URLs (e.g., ./../identity/connect/authorize). While the fix is already on master, there were no tests to prevent this from regressing again.

How Has This Been Tested?

  • All 832 unit tests pass, including the 3 new test cases
  • Tests verified against the current sanitizeUrl implementation

Screenshots (if appropriate):

N/A

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

maruthang and others added 2 commits April 7, 2026 19:54
Add tests to prevent regression of relative OAuth2 URL handling
that was broken in v5.20.0. Tests cover sanitizeUrl with various
relative path patterns and the full OAuth2 authorize flow with
dot-relative paths.

Ref swagger-api#10340
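
For readers who want to see the behaviour these tests are meant to pin down, here is an added example; it is not code from this PR or from swagger-ui. It shows the relative patterns listed in the description passing a URL sanitizer unchanged and then resolving against a server URL, while non-http(s) schemes stay blocked. The function names, the `about:blank` fallback, the use of the WHATWG `URL` parser and the sample server URL are all assumptions made for illustration.

```javascript
// Added example. keepRelativeOrSafe and resolveAuthorizeUrl are hypothetical
// names for illustration; they are not swagger-ui functions.
const BLOCKED = "about:blank";
const ALLOWED_PROTOCOLS = new Set(["http:", "https:"]);

// Returns the input unchanged when it is a relative reference or an http(s)
// URL, and about:blank otherwise. The scheme is read with the WHATWG URL
// parser so that whitespace- or case-obfuscated schemes are classified the
// way a browser would classify them.
function keepRelativeOrSafe(url) {
  if (typeof url !== "string" || url.trim() === "") return BLOCKED;
  try {
    // Relative input inherits "https:" from the placeholder base.
    const parsed = new URL(url, "https://placeholder.invalid/");
    return ALLOWED_PROTOCOLS.has(parsed.protocol) ? url : BLOCKED;
  } catch {
    return BLOCKED; // unparseable input
  }
}

// Resolves a sanitized authorization URL against the selected server URL.
function resolveAuthorizeUrl(authorizationUrl, serverUrl) {
  const cleaned = keepRelativeOrSafe(authorizationUrl);
  return cleaned === BLOCKED ? BLOCKED : new URL(cleaned, serverUrl).href;
}

// Constructed sample inputs: the relative patterns listed in the description,
// plus two non-http(s) values that must stay blocked.
const SERVER = "https://api.example.test/v1/docs/";
const SAMPLES = [
  "./../identity/connect/authorize",
  "../oauth/authorize",
  "../../oauth/authorize",
  "./oauth/authorize",
  "/oauth/authorize",
  "../oauth/authorize?prompt=login",
  "javascript:void(0)",
  "java\tscript:void(0)",
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), "->", resolveAuthorizeUrl(sample, SERVER));
}
```

A regression of the kind described would show up here as a relative input coming back as `about:blank` or in an altered form instead of being returned as written.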