1f349/lavender
4
0
Fork 0
mirror of https://github.com/1f349/lavender.git synced 2024-12-21 23:24:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow multiple oauth domain uris

Browse Source
This commit is contained in:
Melon 2024-07-27 22:26:00 +01:00
parent b44c48132d
commit 447f6befbe
Signed by: melon
GPG Key ID: 6C9D970C50D26A25
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openid/config_test.go
View File

@ -15,5 +15,6 @@ func TestGenConfig(t *testing.T) {
ScopesSupported: []string{"openid", "email"}, ScopesSupported: []string{"openid", "email"},
ClaimsSupported: []string{"name", "email", "preferred_username"}, ClaimsSupported: []string{"name", "email", "preferred_username"},
GrantTypesSupported: []string{"authorization_code", "refresh_token"}, GrantTypesSupported: []string{"authorization_code", "refresh_token"},
JwksUri: "https://example.com/.well-known/jwks.json",
}, GenConfig("https://example.com", []string{"openid", "email"}, []string{"name", "email", "preferred_username"})) }, GenConfig("https://example.com", []string{"openid", "email"}, []string{"name", "email", "preferred_username"}))
} }

13
server/oauth.go
View File

@ -6,6 +6,7 @@ import (
"github.com/julienschmidt/httprouter" "github.com/julienschmidt/httprouter"
"net/http" "net/http"
"net/url" "net/url"
"strings"
) )
func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) { func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request, _ httprouter.Params, auth UserAuth) {
@ -32,13 +33,19 @@ func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request
} }
redirectUri := form.Get("redirect_uri") redirectUri := form.Get("redirect_uri")
if redirectUri != client.GetDomain() { clientDomains := strings.Fields(client.GetDomain())
allowedDomains := make(map[string]bool)
for _, i := range clientDomains {
allowedDomains[i] = true
}
if !allowedDomains[redirectUri] {
http.Error(rw, "Incorrect redirect URI", http.StatusBadRequest) http.Error(rw, "Incorrect redirect URI", http.StatusBadRequest)
return return
} }
if form.Has("cancel") { if form.Has("cancel") {
uCancel, err := url.Parse(client.GetDomain()) uCancel, err := url.Parse(redirectUri)
if err != nil { if err != nil {
http.Error(rw, "Invalid redirect URI", http.StatusBadRequest) http.Error(rw, "Invalid redirect URI", http.StatusBadRequest)
return return
@ -62,7 +69,7 @@ func (h *HttpServer) authorizeEndpoint(rw http.ResponseWriter, req *http.Request
return return
case !isSSO && !isPost: case !isSSO && !isPost:
// find application redirect domain and name // find application redirect domain and name
appUrlFull, err := url.Parse(client.GetDomain()) appUrlFull, err := url.Parse(redirectUri)
if err != nil { if err != nil {
http.Error(rw, "500 Internal Server Error: Failed to parse application redirect URL", http.StatusInternalServerError) http.Error(rw, "500 Internal Server Error: Failed to parse application redirect URL", http.StatusInternalServerError)
return return