From 07b52bd676475451a3ce44e70484e5c963a6a57d Mon Sep 17 00:00:00 2001
From: uoe-pjackson <56168566+uoe-pjackson@users.noreply.github.com>
Date: Mon, 23 Sep 2024 14:39:28 +0100
Subject: [PATCH] Apply suggestions from code review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Romain Tartière <romain@blogreen.org>
---
 types/oidcsettings.pp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/types/oidcsettings.pp b/types/oidcsettings.pp
index 8a1493528..0401336cf 100644
--- a/types/oidcsettings.pp
+++ b/types/oidcsettings.pp
@@ -20,7 +20,7 @@
     Optional['Scope']                                      => Pattern[/^\"?[A-Za-z0-9\-\._\s]+\"?$/],
     Optional['AuthRequestParams']                          => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
     Optional['SSLValidateServer']                          => Enum['On', 'Off'],
-    Optional['UserInfoRefreshInterval']                    => Pattern[/^[0-9]+(\s?(logout_on_error|authenticate_on_error|502_on_error))?$/],
+    Optional['UserInfoRefreshInterval']                    => Pattern[/^[0-9]+(\s+(logout_on_error|authenticate_on_error|502_on_error))?$/],
     Optional['JWKSRefreshInterval']                        => Integer,
     Optional['UserInfoTokenMethod']                        => Enum['authz_header', 'post_param'],
     Optional['ProviderAuthRequestMethod']                  => Enum['GET', 'POST', 'PAR'],
@@ -58,7 +58,7 @@
     Optional['OAuthIntrospectionEndpointParams']           => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
     Optional['OAuthIntrospectionTokenParamName']           => String,
     Optional['OAuthTokenExpiryClaim']                      => Pattern[/^[A-Za-z0-9\-\._]+\s?((absolute|relative)+(\s(mandatory|optional))?)?$/],
-    Optional['OAuthTokenIntrospectionInterval']            => Integer,
+    Optional['OAuthTokenIntrospectionInterval']            => Integer[-1],
     Optional['OAuthSSLValidateServer']                     => Enum['On', 'Off'],
     Optional['OAuthVerifySharedKeys']                      => String,
     Optional['OAuthVerifyCertFiles']                       => String,
@@ -74,7 +74,7 @@
     Optional['CookieSameSite']                             => Enum['On', 'Off'],
     Optional['PassCookies']                                => String,
     Optional['StripCookies']                               => String,
-    Optional['StateMaxNumberOfCookies']                    => Pattern[/^[0-9]+(\s?(false|true))?$/],
+    Optional['StateMaxNumberOfCookies']                    => Pattern[/^[0-9]+(\s(false|true))?$/],
     Optional['SessionInactivityTimeout']                   => Integer,
     Optional['SessionMaxDuration']                         => Integer,
     Optional['SessionType']                                => Pattern[/^(server-cache(:persistent)?|client-cookie(:persistent|:store_id_token|:persistent:store_id_token)?)$/],
@@ -92,7 +92,7 @@
     Optional['MemCacheConnectionsTTL']                     => Integer,
     Optional['RedisCacheServer']                           => String,
     Optional['RedisCachePassword']                         => String,
-    Optional['RedisCacheConnectTimeout']                   => Pattern[/^[0-9]+\s?[0-9]*$/],
+    Optional['RedisCacheConnectTimeout']                   => Pattern[/^[0-9]+(\s[0-9]+)?$/],
     Optional['RedisCacheDatabase']                         => Integer,
     Optional['RedisCacheTimeout']                          => Integer,
     Optional['RedisCacheUsername']                         => String,
@@ -114,8 +114,8 @@
     Optional['StateTimeout']                               => Integer,
     Optional['ScrubRequestHeaders']                        => Enum['On', 'Off'],
     Optional['OutgoingProxy']                              => String,
-    Optional['UnAuthAction']                               => Pattern[/^(auth|pass|401|407|410)\s.*/],
-    Optional['UnAutzAction']                               => Pattern[/^(none|headers|environment|both)(\s+(latin1|base64url|none)+)?$/],
+    Optional['UnAuthAction']                               => Pattern[/^(auth|pass|401|407|410)(\s.*)?$/],
+    Optional['UnAutzAction']                               => Pattern[/^(401|403|302|auth)(\s.*)?$/],
     Optional['PreservePost']                               => Enum['On', 'Off'],
     Optional['PreservePostTemplates']                      => String,
     Optional['PassRefreshToken']                           => Enum['On', 'Off'],
@@ -130,12 +130,12 @@
     Optional['DefaultLoggedOutURL']                        => String,
     Optional['DPoPMode']                                   => String,
     Optional['FilterClaimsExpr']                           => String,
-    Optional['LogoutRequestParams']                        => Pattern[/^[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+(&[A-Za-z0-9\-\._%]+=[A-Za-z0-9\-\._%]+)*$/],
+    Optional['LogoutRequestParams']                        => Pattern[/^[^=]+=[^&]+(&[^=]+=[^&]+)*$/],
     Optional['LogoutXFrameOptions']                        => String,
     Optional['MetricsData']                                => String,
     Optional['MetricsPublish']                             => String,
     Optional['PassAccessToken']                            => Enum['On', 'Off'],
-    Optional['ProviderPushedAuthorizationRequestEndpoint'] => Variant[Stdlib::HTTPSUrl, Stdlib::HttpUrl],
+    Optional['ProviderPushedAuthorizationRequestEndpoint'] => Stdlib::HttpUrl,
     Optional['ProviderSignedJwksUri']                      => String,
     Optional['ProviderVerifyCertFiles']                    => String,
     Optional['RedirectURLsAllowed']                        => String,