mirror of
https://github.com/1f349/lavender.git
synced 2024-12-22 07:34:06 +00:00
Allow multiple oauth domain uris
This commit is contained in:
parent
b44c48132d
commit
447f6befbe
@ -15,5 +15,6 @@ func TestGenConfig(t *testing.T) {
|
|||||||
ScopesSupported: []string{"openid", "email"},
|
ScopesSupported: []string{"openid", "email"},
|
||||||
ClaimsSupported: []string{"name", "email", "preferred_username"},
|
ClaimsSupported: []string{"name", "email", "preferred_username"},
|
||||||
GrantTypesSupported: []string{"authorization_code", "refresh_token"},
|
GrantTypesSupported: []string{"authorization_code", "refresh_token"},
|
||||||
|
JwksUri: "https://example.com/.well-known/jwks.json",
|
||||||
}, GenConfig("https://example.com", []string{"openid", "email"}, []string{"name", "email", "preferred_username"}))
|
}, GenConfig("https://example.com", []string{"openid", "email"}, []string{"name", "email", "preferred_username"}))
|
||||||
}
|
}
|
||||||
|
@ -6,6 +6,7 @@ import (
|
|||||||
"github.com/julienschmidt/httprouter"
|
"github.com/julienschmidt/httprouter"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
|
||||||
@ -32,13 +33,19 @@ func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request
|
|||||||
}
|
}
|
||||||
|
|
||||||
redirectUri := form.Get("redirect_uri")
|
redirectUri := form.Get("redirect_uri")
|
||||||
if redirectUri != client.GetDomain() {
|
clientDomains := strings.Fields(client.GetDomain())
|
||||||
|
allowedDomains := make(map[string]bool)
|
||||||
|
for _, i := range clientDomains {
|
||||||
|
allowedDomains[i] = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if !allowedDomains[redirectUri] {
|
||||||
http.Error(rw, "Incorrect redirect URI", http.StatusBadRequest)
|
http.Error(rw, "Incorrect redirect URI", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if form.Has("cancel") {
|
if form.Has("cancel") {
|
||||||
uCancel, err := url.Parse(client.GetDomain())
|
uCancel, err := url.Parse(redirectUri)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(rw, "Invalid redirect URI", http.StatusBadRequest)
|
http.Error(rw, "Invalid redirect URI", http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
@ -62,7 +69,7 @@ func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request
|
|||||||
return
|
return
|
||||||
case !isSSO && !isPost:
|
case !isSSO && !isPost:
|
||||||
// find application redirect domain and name
|
// find application redirect domain and name
|
||||||
appUrlFull, err := url.Parse(client.GetDomain())
|
appUrlFull, err := url.Parse(redirectUri)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
http.Error(rw, "500 Internal Server Error: Failed to parse application redirect URL", http.StatusInternalServerError)
|
http.Error(rw, "500 Internal Server Error: Failed to parse application redirect URL", http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
|
Loading…
Reference in New Issue
Block a user