fix redirect uri validation to allow apps like: com.my.app:/

Author: MarvinG92

src/ValueObject/RedirectUri.php

@@ -16,7 +16,7 @@ class RedirectUri
      */
     public function __construct(string $redirectUri)
     {
-        if (!filter_var($redirectUri, \FILTER_VALIDATE_URL)) {
+        if (1 !== preg_match('/^[a-zA-Z][a-zA-Z0-9+.-]*:(?:\/\/[^\/\s?#]+(?:\/[^\s?#]*)?|\/[^\s?#]*)?(?:\?[^\s#]*)?(?:#[^\s]*)?$/', $redirectUri)) {
             throw new \RuntimeException(\sprintf('The \'%s\' string is not a valid URI.', $redirectUri));
         }
 

tests/Unit/RedirectUriTest.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace League\Bundle\OAuth2ServerBundle\Tests\Unit;
+
+use League\Bundle\OAuth2ServerBundle\ValueObject\RedirectUri;
+use PHPUnit\Framework\TestCase;
+
+final class RedirectUriTest extends TestCase
+{
+    public function exceptionRedirectUriProvider(): array
+    {
+        return [
+            ['invalid'],
+            ['http://invalid url'],
+            ['http:/invalid'],
+            ['http:/invalid.com'],
+            ['http:/invalid.com/test'],
+        ];
+    }
+
+    /**
+     * @dataProvider exceptionRedirectUriProvider
+     */
+    public function testInvalidRedirectUris($data): void
+    {
+        $this->expectException(\RuntimeException::class);
+
+        new RedirectUri($data[0]);
+    }
+
+    public function testValidRedirectUris(): void
+    {
+        // Test standard URIs
+        $this->assertIsObject(new RedirectUri('http://github.com'));
+        $this->assertIsObject(new RedirectUri('http://github.com/test'));
+        $this->assertIsObject(new RedirectUri('http://github.com/test?query=test'));
+
+        // Test mobile URIs
+        $this->assertIsObject(new RedirectUri('com.my.app:/'));
+        $this->assertIsObject(new RedirectUri('com.my.app:/callback'));
+        $this->assertIsObject(new RedirectUri('myapp://callback#token=123'));
+    }
+}