fixed wrong variable for additional http headers in OIDTokenRequest (#…

…770) (#798)
openid · Oct 25, 2023 · aea7b8a · aea7b8a
1 parent 8b437c4
commit aea7b8a
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 1 deletion.
diff --git a/Source/AppAuthCore/OIDTokenRequest.m b/Source/AppAuthCore/OIDTokenRequest.m
@@ -330,7 +330,7 @@ - (NSURLRequest *)URLRequest {
   }
 
   for (id header in _additionalHeaders) {
-    [URLRequest setValue:httpHeaders[header] forHTTPHeaderField:header];
+    [URLRequest setValue:_additionalHeaders[header] forHTTPHeaderField:header];
   }
 
   return URLRequest;

diff --git a/UnitTests/OIDTokenRequestTests.m b/UnitTests/OIDTokenRequestTests.m
@@ -56,6 +56,14 @@
  */
 static NSString *const kTestAdditionalHeaderValue = @"2";
 
+/*! @brief Test key for the @c additionalHeaders property.
+ */
+static NSString *const kTestAdditionalHeaderKey2 = @"C";
+
+/*! @brief Test value for the @c additionalHeaders property.
+ */
+static NSString *const kTestAdditionalHeaderValue2 = @"3";
+
 @implementation OIDTokenRequestTests
 
 + (OIDTokenRequest *)testInstance {
@@ -154,6 +162,32 @@ + (OIDTokenRequest *)testInstanceRefresh {
   return request;
 }
 
++ (OIDTokenRequest *)testInstanceAdditionalHeaders {
+  OIDAuthorizationResponse *authResponse = [OIDAuthorizationResponseTests testInstance];
+  NSArray<NSString *> *scopesArray =
+      [OIDScopeUtilities scopesArrayWithString:authResponse.request.scope];
+  NSDictionary *additionalParameters =
+      @{ kTestAdditionalParameterKey : kTestAdditionalParameterValue };
+  NSDictionary *additionalHeaders = @{
+    kTestAdditionalHeaderKey : kTestAdditionalHeaderValue,
+    kTestAdditionalHeaderKey2 : kTestAdditionalHeaderValue2
+  };
+
+  OIDTokenRequest *request =
+      [[OIDTokenRequest alloc] initWithConfiguration:authResponse.request.configuration
+                                           grantType:OIDGrantTypeAuthorizationCode
+                                   authorizationCode:authResponse.authorizationCode
+                                         redirectURL:authResponse.request.redirectURL
+                                            clientID:authResponse.request.clientID
+                                        clientSecret:authResponse.request.clientSecret
+                                              scopes:scopesArray
+                                        refreshToken:kRefreshTokenTestValue
+                                        codeVerifier:authResponse.request.codeVerifier
+                                additionalParameters:additionalParameters
+                                   additionalHeaders:additionalHeaders];
+  return request;
+}
+
 /*! @brief Tests the @c NSCopying implementation by round-tripping an instance through the copying
         process and checking to make sure the source and destination instances are equivalent.
  */
@@ -239,6 +273,10 @@ - (void)testSecureCoding {
   XCTAssertNotNil(request.additionalHeaders, @"");
   XCTAssertEqualObjects(request.additionalHeaders[kTestAdditionalHeaderKey],
                         kTestAdditionalHeaderValue, @"");
+
+  NSURLRequest *urlRequest = [request URLRequest];
+  XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey],
+                        kTestAdditionalHeaderValue);
 
   NSData *data = [NSKeyedArchiver archivedDataWithRootObject:request];
   OIDTokenRequest *requestCopy = [NSKeyedUnarchiver unarchiveObjectWithData:data];
@@ -263,6 +301,10 @@ - (void)testSecureCoding {
   XCTAssertNotNil(requestCopy.additionalHeaders, @"");
   XCTAssertEqualObjects(requestCopy.additionalHeaders[kTestAdditionalHeaderKey],
                         kTestAdditionalHeaderValue, @"");
+
+  NSURLRequest *urlrequestCopy = [requestCopy URLRequest];
+  XCTAssertEqualObjects([urlrequestCopy.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey],
+                        kTestAdditionalHeaderValue);
 }
 
 - (void)testURLRequestNoClientAuth {
@@ -302,6 +344,17 @@ - (void)testAuthorizationCodeNullRedirectURL {
                                                additionalHeaders:additionalHeaders], @"");
 }
 
+- (void)testThatAdditionalHeadersAreInTokenRequest {
+  OIDTokenRequest *request = [[self class] testInstanceAdditionalHeaders];
+  NSURLRequest* urlRequest = [request URLRequest];
+
+  XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey],
+                        kTestAdditionalHeaderValue);
+
+  XCTAssertEqualObjects([urlRequest.allHTTPHeaderFields objectForKey:kTestAdditionalHeaderKey2],
+                        kTestAdditionalHeaderValue2);
+}
+
 @end
 
 #pragma GCC diagnostic pop