From 11204af8f8af48a5bdd05fa6e8b3f0559bf4e150 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marvin=20G=C3=A4rtner?=
Date: Thu, 10 Jul 2025 15:13:35 +0200
Subject: [PATCH 1/2] fix redirect uri validation to allow apps like: com.my.app:/
---
 src/ValueObject/RedirectUri.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ValueObject/RedirectUri.php b/src/ValueObject/RedirectUri.php
index 7ecd066..6c8705e 100644
--- a/src/ValueObject/RedirectUri.php
+++ b/src/ValueObject/RedirectUri.php
@@ -16,7 +16,7 @@ class RedirectUri
 */
 public function __construct(string $redirectUri)
 {
- if (!filter_var($redirectUri, \FILTER_VALIDATE_URL)) {
+ if (preg_match('/^[a-zA-Z][a-zA-Z0-9+.-]*:(?:\/\/[^\/\s?#]+(?:\/[^\s?#]*)?|\/[^\s?#]*)?(?:\?[^\s#]*)?(?:#[^\s]*)?$/', $redirectUri) !== 1) {
 throw new \RuntimeException(\sprintf('The \'%s\' string is not a valid URI.', $redirectUri));
 }
From 2cf4247ae8a251f4f2a9cb216526417a5094c7eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marvin=20G=C3=A4rtner?=
Date: Fri, 11 Jul 2025 07:57:00 +0200
Subject: [PATCH 2/2] add RedirectUriTest.php TestCase fix coding style in RedirectUri.php
---
 src/ValueObject/RedirectUri.php | 2 +-
 tests/Unit/RedirectUriTest.php | 45 +++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 tests/Unit/RedirectUriTest.php
diff --git a/src/ValueObject/RedirectUri.php b/src/ValueObject/RedirectUri.php
index 6c8705e..90a88a1 100644
--- a/src/ValueObject/RedirectUri.php
+++ b/src/ValueObject/RedirectUri.php
@@ -16,7 +16,7 @@ class RedirectUri
 */
 public function __construct(string $redirectUri)
 {
- if (preg_match('/^[a-zA-Z][a-zA-Z0-9+.-]*:(?:\/\/[^\/\s?#]+(?:\/[^\s?#]*)?|\/[^\s?#]*)?(?:\?[^\s#]*)?(?:#[^\s]*)?$/', $redirectUri) !== 1) {
+ if (1 !== preg_match('/^[a-zA-Z][a-zA-Z0-9+.-]*:(?:\/\/[^\/\s?#]+(?:\/[^\s?#]*)?|\/[^\s?#]*)?(?:\?[^\s#]*)?(?:#[^\s]*)?$/', $redirectUri)) {
 throw new \RuntimeException(\sprintf('The \'%s\' string is not a valid URI.', $redirectUri));
 }
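Review bot: The new pattern in `RedirectUri::__construct` is anchored with `$` and no `D` modifier, so PCRE also matches just before a final newline and a value such as `"com.my.app:/callback\n"` passes validation. Anchor the end with `\z` instead, i.e. finish the pattern with `(?:#[^\s]*)?\z/`, or add the `D` modifier. Everything after the scheme is optional and the scheme itself is unrestricted, so a bare `http:` or `javascript:` is accepted as a redirect URI. If registered redirect URIs are not checked against an allow-list elsewhere, consider requiring a non-empty path or authority and limiting which schemes are accepted. The same pattern is carried unchanged into the [PATCH 2/2] hunk for this file, and the constructor body continues outside both hunks.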
diff --git a/tests/Unit/RedirectUriTest.php b/tests/Unit/RedirectUriTest.php
new file mode 100644
index 0000000..eda5fab
--- /dev/null
+++ b/tests/Unit/RedirectUriTest.php
@@ -0,0 +1,45 @@
+expectException(\RuntimeException::class);
+
+ new RedirectUri($data[0]);
+ }
+
+ public function testValidRedirectUris(): void
+ {
+ // Test standard URIs
+ $this->assertIsObject(new RedirectUri('http://github.com'));
+ $this->assertIsObject(new RedirectUri('http://github.com/test'));
+ $this->assertIsObject(new RedirectUri('http://github.com/test?query=test'));
+
+ // Test mobile URIs
+ $this->assertIsObject(new RedirectUri('com.my.app:/'));
+ $this->assertIsObject(new RedirectUri('com.my.app:/callback'));
+ $this->assertIsObject(new RedirectUri('myapp://callback#token=123'));
+ }
+}
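Review bot: `testValidRedirectUris` pins `myapp://callback#token=123` as a valid redirect URI, but RFC 6749 section 3.1.2 says the redirection endpoint URI must not include a fragment component. Consider moving that case to the invalid set, or add a comment in the test explaining why fragments are tolerated here. The head of this new file is not readable on this page, so the invalid-input cases cannot be checked. They should include a value with a trailing newline (`"com.my.app:/callback\n"`) and a scheme-only value (`'http:'`) so the validator's boundaries are locked down. `assertIsObject(new RedirectUri(...))` cannot fail on its own, since `new` always yields an object; `$this->expectNotToPerformAssertions();` would state the "does not throw" intent directly.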