
Commit 17885f0

fix(plaidlogin): align callback bind and redirect hosts to 127.0.0.1
On systems where localhost resolves exclusively to ::1, the browser redirected to [::1]:PORT while the server only listened on 127.0.0.1, causing a silent 'connection refused' that left Wait() blocking for 5 minutes before PLAID_DASHBOARD_LOGIN_TIMEOUT with no diagnostic. RedirectHost is now 127.0.0.1 (matching BindHost) so the URI Plaid receives and the listener address are always consistent. Update tests that asserted the old localhost redirect URI.
1 parent 4433b0a commit 17885f0

4 files changed

Lines changed: 6 additions & 6 deletions


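--- a/internal/plaidlogin/login_test.go
+++ b/internal/plaidlogin/login_test.go
@@ -56,7 +56,7 @@ func TestRunLoginWritesFetchedKeysAndDashboardAuth(t *testing.T) {
 if result.KeysWritten != 2 || result.CredentialAction != "written" || result.TeamID != "team_1" {
 t.Fatalf("result = %#v", result)
 }
-if callbackURL != "http://localhost:49152/oauth/callback" {
+if callbackURL != "http://127.0.0.1:49152/oauth/callback" {
 t.Fatalf("redirect_uri = %q", callbackURL)
 }
 envContent, err := os.ReadFile(envPath)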

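--- a/internal/plaidlogin/oauth.go
+++ b/internal/plaidlogin/oauth.go
@@ -13,7 +13,7 @@ const (
 TokenURL = "https://api.dashboard.plaid.com/oauth/token"
 ClientID = "plaid-cli"
 BindHost = "127.0.0.1"
-RedirectHost = "localhost"
+RedirectHost = "127.0.0.1"
 
 // Plaid Dashboard APIs are private; this contract was last verified against this Plaid CLI build.
 PlaidCLICompatibilityVersion = "20260507-4d1b0ca0"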
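Review bot: With this change `BindHost` and `RedirectHost` in the const block are two separate literals that have to stay identical, and nothing on the declaration says so. Declaring the second from the first, `RedirectHost = BindHost`, with a comment such as `// Must equal BindHost: the redirect_uri has to resolve to the address the callback listener binds (loopback IP literal rather than "localhost", see RFC 8252 section 8.3).`, would keep them from drifting apart. Separately, the old test name in oauth_test.go described the difference as intentional and `PlaidCLICompatibilityVersion` is unchanged here, so it is worth confirming that the authorization endpoint accepts a `127.0.0.1` redirect URI for the `plaid-cli` client; nothing visible on this page shows that. The const block starts and ends outside the hunk.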

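--- a/internal/plaidlogin/oauth_test.go
+++ b/internal/plaidlogin/oauth_test.go
@@ -23,7 +23,7 @@ func TestBuildAuthURLUsesPlaidCLICompatiblePKCE(t *testing.T) {
 }
 values := parsed.Query()
 assertQuery(t, values, "client_id", "plaid-cli")
-assertQuery(t, values, "redirect_uri", "http://localhost:49152/oauth/callback")
+assertQuery(t, values, "redirect_uri", "http://127.0.0.1:49152/oauth/callback")
 assertQuery(t, values, "response_type", "code")
 assertQuery(t, values, "state", "state-123")
 assertQuery(t, values, "code_challenge_method", "S256")
@@ -32,11 +32,11 @@ func TestBuildAuthURLUsesPlaidCLICompatiblePKCE(t *testing.T) {
 }
 }
 
-func TestBindAndRedirectHostsAreIntentionallyDifferent(t *testing.T) {
+func TestBindAndRedirectHostsMatch(t *testing.T) {
 if BindHost != "127.0.0.1" {
 t.Fatalf("BindHost = %q", BindHost)
 }
-if RedirectHost != "localhost" {
+if RedirectHost != "127.0.0.1" {
 t.Fatalf("RedirectHost = %q", RedirectHost)
 }
 }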
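Review bot: `TestBindAndRedirectHostsMatch` in the second hunk checks each constant against the literal `"127.0.0.1"` but never compares the two with each other, so the property named in the test is only implied. Adding `if RedirectHost != BindHost { t.Fatalf("RedirectHost %q != BindHost %q", RedirectHost, BindHost) }` states the invariant directly. A one-line comment on the test, for example `// The callback listener binds BindHost; a redirect to any other host never reaches it.`, would record why it matters. The literal check on `BindHost` is still worth keeping as a guard against the listener being widened beyond loopback.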

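--- a/internal/plaidlogin/token_test.go
+++ b/internal/plaidlogin/token_test.go
@@ -21,7 +21,7 @@ func TestExchangeCodeUsesPKCEFormBody(t *testing.T) {
 }
 assertForm(t, r.PostForm, "grant_type", "authorization_code")
 assertForm(t, r.PostForm, "code", "auth-code")
-assertForm(t, r.PostForm, "redirect_uri", "http://localhost:49152/oauth/callback")
+assertForm(t, r.PostForm, "redirect_uri", "http://127.0.0.1:49152/oauth/callback")
 assertForm(t, r.PostForm, "client_id", ClientID)
 assertForm(t, r.PostForm, "code_verifier", "verifier")
 json.NewEncoder(w).Encode(map[string]any{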
