From be923343b059ccd94200f87fe31c49ea29a4d2b3 Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Wed, 19 Aug 2020 09:56:05 +0200
Subject: [PATCH] fix: compliance problems (#607)
* fix: compliance problems
* fix: at least one redirect uri
* fix: at least one redirect uri
* Update de.yaml
* Update en.yaml
Co-authored-by: Livio Amstutz
---
 cmd/zitadel/caos_local.sh | 4 ++--
 cmd/zitadel/setup.yaml | 4 ++--
 internal/project/model/oidc_config.go | 4 ++++
 internal/project/repository/view/model/application.go | 2 +-
 internal/static/i18n/de.yaml | 1 +
 internal/static/i18n/en.yaml | 1 +
 6 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/cmd/zitadel/caos_local.sh b/cmd/zitadel/caos_local.sh
index ffd0302dd5..1e1febd4a2 100755
--- a/cmd/zitadel/caos_local.sh
+++ b/cmd/zitadel/caos_local.sh
@@ -68,6 +68,6 @@ export ZITADEL_DEFAULT_DOMAIN=zitadel.ch
 export TRACING_TYPE=google
 #Setup
-export ZITADEL_CONSOLE_RESPONSE_TYPE=ID_TOKEN TOKEN
-export ZITADEL_CONSOLE_GRANT_TYPE=IMPLICIT
+export ZITADEL_CONSOLE_RESPONSE_TYPE='ID_TOKEN TOKEN'
+export ZITADEL_CONSOLE_GRANT_TYPE='IMPLICIT'
 export ZITADEL_CONSOLE_DEV_MODE=true
\ No newline at end of file
diff --git a/cmd/zitadel/setup.yaml b/cmd/zitadel/setup.yaml
index da17928fdf..37e68fdbae 100644
--- a/cmd/zitadel/setup.yaml
+++ b/cmd/zitadel/setup.yaml
@@ -60,9 +60,9 @@ SetUp:
 PostLogoutRedirectUris:
 - '$ZITADEL_CONSOLE/signedout'
 ResponseTypes:
- - '$ZITADEL_CONSOLE_RESPONSE_TYPE'
+ - $ZITADEL_CONSOLE_RESPONSE_TYPE
 GrantTypes:
- - '$ZITADEL_CONSOLE_GRANT_TYPE'
+ - $ZITADEL_CONSOLE_GRANT_TYPE
 ApplicationType: 'USER_AGENT'
 AuthMethodType: 'NONE'
 DevMode: $ZITADEL_CONSOLE_DEV_MODE
diff --git a/internal/project/model/oidc_config.go b/internal/project/model/oidc_config.go
index 564725f327..a0c4d03fb0 100644
--- a/internal/project/model/oidc_config.go
+++ b/internal/project/model/oidc_config.go
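Review bot: In cmd/zitadel/setup.yaml the list items under ResponseTypes and GrantTypes are now unquoted, so if the loader substitutes environment variables textually before YAML parsing (not visible here), the parsed shape of each entry depends on the raw variable contents: an empty value yields a null item, and a value containing ` #` or `: ` is parsed as something other than the intended string. A comment above the two entries stating the expected form, for example `# substituted from the environment unquoted: must be a non-empty plain scalar, e.g. ID_TOKEN TOKEN`, would document that constraint for whoever sets these variables.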
@@ -132,6 +132,10 @@ func GetOIDCCompliance(version OIDCVersion, appType OIDCApplicationType, grantTy
 func GetOIDCV1Compliance(appType OIDCApplicationType, grantTypes []OIDCGrantType, authMethod OIDCAuthMethodType, redirectUris []string) *Compliance {
 compliance := &Compliance{NoneCompliant: false}
+ if redirectUris == nil || len(redirectUris) == 0 {
+ compliance.NoneCompliant = true
+ compliance.Problems = append([]string{"Application.OIDC.V1.NoRedirectUris"}, compliance.Problems...)
+ }
 if containsOIDCGrantType(grantTypes, OIDCGrantTypeImplicit) && containsOIDCGrantType(grantTypes, OIDCGrantTypeAuthorizationCode) {
 CheckRedirectUrisImplicitAndCode(compliance, appType, redirectUris)
 } else {
diff --git a/internal/project/repository/view/model/application.go b/internal/project/repository/view/model/application.go
index 885629db46..97dad40b3c 100644
--- a/internal/project/repository/view/model/application.go
+++ b/internal/project/repository/view/model/application.go
@@ -201,7 +201,7 @@ func (a *ApplicationView) SetData(event *models.Event) error {
 }
 func (a *ApplicationView) setCompliance() {
- compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCPostLogoutRedirectUris)
+ compliance := model.GetOIDCCompliance(model.OIDCVersion(a.OIDCVersion), model.OIDCApplicationType(a.OIDCApplicationType), OIDCGrantTypesToModel(a.OIDCGrantTypes), OIDCResponseTypesToModel(a.OIDCResponseTypes), model.OIDCAuthMethodType(a.OIDCAuthMethodType), a.OIDCRedirectUris)
 a.NoneCompliant = compliance.NoneCompliant
 a.ComplianceProblems = compliance.Problems
 }
diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml
index 9ad8c6ccd8..6c889f6194 100644
--- a/internal/static/i18n/de.yaml
+++ b/internal/static/i18n/de.yaml
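Review bot: The new guard in GetOIDCV1Compliance (internal/project/model/oidc_config.go) only counts entries, so a `redirectUris` slice holding a single empty string still passes as "at least one redirect URI"; if callers can deliver blank entries (not visible here), the check should skip them before counting. Two style points on the same lines: `redirectUris == nil ||` is redundant because `len` of a nil slice is 0, and prepending to the still-empty `compliance.Problems` can be a plain append, i.e. `if len(redirectUris) == 0 {` and `compliance.Problems = append(compliance.Problems, "Application.OIDC.V1.NoRedirectUris")`. As far as this hunk shows, the result is only a compliance flag, so rejecting an application without a registered redirect URI would have to happen elsewhere. The function body continues past the end of the hunk.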
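Review bot: Nothing in this commit pins the corrected argument in setCompliance (internal/project/repository/view/model/application.go): the last parameter of `GetOIDCCompliance` accepts either field, so passing `a.OIDCPostLogoutRedirectUris` where `a.OIDCRedirectUris` was meant compiled cleanly and can regress the same way. A small test that builds an ApplicationView whose redirect and post-logout URI lists differ and asserts on `ComplianceProblems` would catch it. Views whose compliance fields were computed before this fix may still hold results derived from the post-logout URIs until setCompliance runs for them again; whether a reprocessing step exists is not visible here.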
@@ -298,6 +298,7 @@ Application:
 OIDC:
 V1:
 NotCompliant: Deine Konfiguration ist nicht konform und weicht vom OIDC 1.0 Standard ab.
+ NoRedirectUris: Es muss mindestens eine Redirect URI erfasst sein.
 NotAllCombinationsAreAllowed: Die Konfiguration ist konform, jedoch werden nicht alle möglichen Kombinationen erlaubt.
 Code:
 RedirectUris:
diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml
index 3266659acc..e1092c33d0 100644
--- a/internal/static/i18n/en.yaml
+++ b/internal/static/i18n/en.yaml
@@ -298,6 +298,7 @@ Application:
 OIDC:
 V1:
 NotCompliant: Your configuration is not compliant and differs from OIDC 1.0 standard.
+ NoRedirectUris: At least one redirect uri must be registered.
 NotAllCombinationsAreAllowed: Configuration is compliant, but not all possible combinations are allowed.
 Code:
 RedirectUris: