Make host part of redirect_uri regex check optional (#293)

* Fix redirect_uri regex

* Add unit test for redirect_uri validation

---------

Co-authored-by: Marko Ivancic <[email protected]>

Author: mrvanes

src/Forms/ClientForm.php

@@ -34,8 +34,10 @@ class ClientForm extends Form
 
     /**
      * RFC3986. AppendixB. Parsing a URI Reference with a Regular Expression.
+     * From v6.*, the regex was modified to allow URI without host, to support adding entries like
+     * `openid-credential-offer://`
      */
-    final public const REGEX_URI = '/^[^:]+:\/\/?[^\s\/$.?#].[^\s]*$/';
+    final public const REGEX_URI = '/^[^:]+:\/\/?([^\s\/$.?#].[^\s]*)?$/';
 
     /**
      * Must have http:// or https:// scheme, and at least one 'domain.top-level-domain' pair, or more subdomains.

tests/unit/src/Forms/ClientFormTest.php

@@ -171,4 +171,36 @@ public function testSetDefaultsUnsetsAuthSourceIfNotValid(): void
 
         $this->assertNull($sut->getValues()['auth_source']);
     }
+
+    public static function redirectUriProvider(): array
+    {
+        return [
+            ['https', false],
+            ['https:', false],
+            ['example', false],
+            ['example.com', false],
+            ['example.com/?foo=bar', false],
+            ['www.example.com/?foo=bar', false],
+            ['https://example', true],
+            ['https://example.com', true],
+            ['https://example.com/', true],
+            ['https://example.com/foo', true],
+            ['https://example.com/foo?bar=1', true],
+
+            // To support OID4VCI
+            ['openid-credential-offer://', true],
+            ['foo://', true],
+            ['https://', true],
+        ];
+    }
+
+    #[DataProvider('redirectUriProvider')]
+    public function testCanValidateRedirectUri(string $url, bool $isValid): void
+    {
+        $sut = $this->sut();
+        $sut->setValues(['redirect_uri' => $url]);
+        $sut->validateRedirectUri($sut);
+
+        $this->assertEquals(!$isValid, $sut->hasErrors(), $url);
+    }
 }