Add validation for responsemode and test

2026-05-13 08:29:53 +00:00 · 2026-03-05 16:33:10 +01:00
parent 74f49b0ff6
commit 503bd8de74
3 changed files with 38 additions and 1 deletions
--- a/backend/internal/dto/oidc_dto.go
+++ b/backend/internal/dto/oidc_dto.go
@@ -71,7 +71,7 @@ type AuthorizeOidcClientRequestDto struct {
 	CodeChallenge         string `json:"codeChallenge"`
 	CodeChallengeMethod   string `json:"codeChallengeMethod"`
 	ReauthenticationToken string `json:"reauthenticationToken"`
-	ResponseMode          string `json:"responseMode"`
+	ResponseMode          string `json:"responseMode" binding:"omitempty,response_mode"`
 }

 type AuthorizeOidcClientResponseDto struct {
--- a/backend/internal/dto/validations.go
+++ b/backend/internal/dto/validations.go
@@ -51,6 +51,12 @@ func init() {
 	}); err != nil {
 		panic("Failed to register custom validation for callback_url: " + err.Error())
 	}
+
+	if err := v.RegisterValidation("response_mode", func(fl validator.FieldLevel) bool {
+		return ValidateResponseMode(fl.Field().String())
+	}); err != nil {
+		panic("Failed to register custom validation for response_mode: " + err.Error())
+	}
 }

 // ValidateUsername validates username inputs
@@ -68,3 +74,15 @@ func ValidateCallbackURL(raw string) bool {
 	err := utils.ValidateCallbackURLPattern(raw)
 	return err == nil
 }
+
+// ValidateResponseMode validates response_mode parameter
+// If responseMode is present, it must be either "form_post" or "query"
+// Empty responseMode is allowed (will use default behavior)
+func ValidateResponseMode(responseMode string) bool {
+	// Empty responseMode is allowed (field not provided, use default)
+	if responseMode == "" {
+		return true
+	}
+	// If present, it must be form_post or query
+	return responseMode == "form_post" || responseMode == "query"
+}
--- a/backend/internal/dto/validations_test.go
+++ b/backend/internal/dto/validations_test.go
@@ -56,3 +56,22 @@ func TestValidateClientID(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateResponseMode(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected bool
+	}{
+		{"valid form_post", "form_post", true},
+		{"valid query", "query", true},
+		{"valid empty", "", true},
+		{"invalid fragment", "fragment", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			assert.Equal(t, tt.expected, ValidateResponseMode(tt.input))
+		})
+	}
+}