unchained/mission-control
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
099415cca34bbe27bc364fb1cdf216331946c276
mission-control/frontend/src/auth/redirects.test.ts

47 lines
1.4 KiB
TypeScript
Raw Blame History

import { afterEach, describe, expect, it, vi } from "vitest";
import { resolveSignInRedirectUrl } from "@/auth/redirects";
describe("resolveSignInRedirectUrl", () => {
afterEach(() => {
vi.unstubAllEnvs();
});
it("uses env fallback when redirect is missing", () => {
vi.stubEnv("NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL", "/boards");
expect(resolveSignInRedirectUrl(null)).toBe("/boards");
});
it("defaults to /dashboard when no env fallback is set", () => {
expect(resolveSignInRedirectUrl(null)).toBe("/dashboard");
});
it("allows safe relative paths", () => {
expect(resolveSignInRedirectUrl("/dashboard?tab=ops#queue")).toBe(
"/dashboard?tab=ops#queue",
);
});
it("rejects protocol-relative urls", () => {
vi.stubEnv("NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL", "/activity");
expect(resolveSignInRedirectUrl("//evil.example.com/path")).toBe(
"/activity",
);
});
it("rejects external absolute urls", () => {
vi.stubEnv("NEXT_PUBLIC_CLERK_SIGN_IN_FALLBACK_REDIRECT_URL", "/activity");
expect(resolveSignInRedirectUrl("https://evil.example.com/steal")).toBe(
"/activity",
);
});
it("accepts same-origin absolute urls and normalizes to path", () => {
const url = `${window.location.origin}/boards/new?src=invite#top`;
expect(resolveSignInRedirectUrl(url)).toBe("/boards/new?src=invite#top");
});
});
Reference in New Issue View Git Blame Copy Permalink