From 46ae65f4d2240c484ede2ddb014fb40d2bbdaba0 Mon Sep 17 00:00:00 2001
From: Dan Milne
Date: Mon, 5 Jan 2026 13:03:03 +1100
Subject: [PATCH] Move the 'remove_query_param' to the application controller
---
 app/controllers/application_controller.rb | 29 +++++++++++++++++++++++
 app/controllers/oidc_controller.rb | 17 -------------
 2 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0f0ea9f..9078e54 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -9,4 +9,33 @@ class ApplicationController < ActionController::Base
 # CSRF protection
 protect_from_forgery with: :exception
+
+ helper_method :remove_query_param
+
+ private
+
+ # Remove a query parameter from a URL using proper URI parsing
+ # More robust than regex - handles URL encoding, edge cases, etc.
+ #
+ # @param url [String] The URL to modify
+ # @param param_name [String] The query parameter name to remove
+ # @return [String] The URL with the parameter removed
+ #
+ # @example
+ # remove_query_param("https://example.com?foo=bar&baz=qux", "foo")
+ # # => "https://example.com?baz=qux"
+ def remove_query_param(url, param_name)
+ uri = URI.parse(url)
+ return url unless uri.query
+
+ # Parse query string into hash
+ params = CGI.parse(uri.query)
+ params.delete(param_name)
+
+ # Rebuild query string (empty string if no params left)
+ uri.query = params.any? ? URI.encode_www_form(params) : nil
+ uri.to_s
+ rescue URI::InvalidURIError
+ url
+ end
 end
diff --git a/app/controllers/oidc_controller.rb b/app/controllers/oidc_controller.rb
index db9fff0..45c7deb 100644
--- a/app/controllers/oidc_controller.rb
+++ b/app/controllers/oidc_controller.rb
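Review bot: `remove_query_param` fails open: in two cases it returns the URL with the parameter still present and gives the caller no signal. `CGI.parse` produces string keys, so a symbol argument such as `remove_query_param(url, :foo)` deletes nothing; `params.delete(param_name.to_s)` closes that gap. The `rescue URI::InvalidURIError` branch hands back the input untouched, which `URI.parse` also triggers for URLs containing spaces or non-ASCII characters. Now that `helper_method` exposes the method to every controller and view, the doc comment should state this, e.g. `# @note Returns url unchanged if it cannot be parsed; callers must not rely on this to strip a sensitive parameter`. The callers are outside this diff, so whether any of them depends on the removal for a security property cannot be judged from here.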
@@ -1115,23 +1115,6 @@ class OidcController < ApplicationController
 end
 end
- # Remove a query parameter from a URL using proper URI parsing
- # More robust than regex - handles URL encoding, edge cases, etc.
- def remove_query_param(url, param_name)
- uri = URI.parse(url)
- return url unless uri.query
-
- # Parse query string into hash
- params = CGI.parse(uri.query)
- params.delete(param_name)
-
- # Rebuild query string (empty string if no params left)
- uri.query = params.any? ? URI.encode_www_form(params) : nil
- uri.to_s
- rescue URI::InvalidURIError
- url
- end
-
 def send_backchannel_logout_notifications(user)
 # Find all active OIDC consents for this user
 consents = OidcUserConsent.where(user: user).includes(:application)