From f10b36d335a4a2fd42451e72cf66110c210e8c8f Mon Sep 17 00:00:00 2001
From: Joe Flint <gyrojoe@gmail.com>
Date: Mon, 14 Sep 2020 22:01:57 -0700
Subject: [PATCH] Handle server-side OAuth2 redirects to non-existent protocols
 (#2557)

Co-authored-by: Opender Singh <opender94@gmail.com>
---
 .../insomnia-app/app/network/o-auth-2/misc.js | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/packages/insomnia-app/app/network/o-auth-2/misc.js b/packages/insomnia-app/app/network/o-auth-2/misc.js
index 5f13eafbe..e97561fa6 100644
--- a/packages/insomnia-app/app/network/o-auth-2/misc.js
+++ b/packages/insomnia-app/app/network/o-auth-2/misc.js
@@ -45,25 +45,25 @@ export function authorizeUserInWindow(
   return new Promise((resolve, reject) => {
     let finalUrl = null;
 
-    function _parseUrl(currentUrl) {
+    function _parseUrl(currentUrl, source) {
       if (currentUrl.match(urlSuccessRegex)) {
         console.log(
-          `[oauth2] Matched success redirect to "${currentUrl}" with ${urlSuccessRegex.toString()}`,
+          `[oauth2] ${source}: Matched success redirect to "${currentUrl}" with ${urlSuccessRegex.toString()}`,
         );
         finalUrl = currentUrl;
         child.close();
       } else if (currentUrl.match(urlFailureRegex)) {
         console.log(
-          `[oauth2] Matched error redirect to "${currentUrl}" with ${urlFailureRegex.toString()}`,
+          `[oauth2] ${source}: Matched error redirect to "${currentUrl}" with ${urlFailureRegex.toString()}`,
         );
         finalUrl = currentUrl;
         child.close();
       } else if (currentUrl === url) {
         // It's the first one, so it's not a redirect
-        console.log(`[oauth2] Loaded "${currentUrl}"`);
+        console.log(`[oauth2] ${source}: Loaded "${currentUrl}"`);
       } else {
         console.log(
-          `[oauth2] Ignoring URL "${currentUrl}". Didn't match ${urlSuccessRegex.toString()}`,
+          `[oauth2] ${source}: Ignoring URL "${currentUrl}". Didn't match ${urlSuccessRegex.toString()}`,
         );
       }
     }
@@ -91,12 +91,19 @@ export function authorizeUserInWindow(
     child.webContents.on('did-navigate', () => {
       // Be sure to resolve URL so that we can handle redirects with no host like /foo/bar
       const currentUrl = child.webContents.getURL();
-      _parseUrl(currentUrl);
+      _parseUrl(currentUrl, 'did-navigate');
+    });
+
+    child.webContents.on('will-redirect', (e, url) => {
+      // Also listen for will-redirect, as some redirections do not trigger 'did-navigate'
+      // 'will-redirect' does not cover all cases that 'did-navigate' does, so both events are required
+      // GitHub's flow triggers only 'did-navigate', while Microsoft's only 'will-redirect'
+      _parseUrl(url, 'will-redirect');
     });
 
     child.webContents.on('did-fail-load', (e, errorCode, errorDescription, url) => {
       // Listen for did-fail-load to be able to parse the URL even when the callback server is unreachable
-      _parseUrl(url);
+      _parseUrl(url, 'did-fail-load');
     });
 
     // Show the window to the user after it loads