llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-07 19:50:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Refactor out application.IsRedirectUriValid()

Browse Source
This commit is contained in:
Gucheng Wang
2022-12-21 00:35:33 +08:00
parent 65d4946042
commit f075d0fd74
5 changed files with 18 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
controllers/token.go
View File

@@ -261,7 +261,7 @@ func (c *ApiController) TokenLogout() {
flag, application := object.DeleteTokenByAccessToken(token) flag, application := object.DeleteTokenByAccessToken(token)
redirectUri := c.Input().Get("post_logout_redirect_uri") redirectUri := c.Input().Get("post_logout_redirect_uri")
state := c.Input().Get("state") state := c.Input().Get("state")
if application != nil && object.CheckRedirectUriValid(application, redirectUri) { if application != nil && application.IsRedirectUriValid(redirectUri) {
c.Ctx.Redirect(http.StatusFound, redirectUri+"?state="+state) c.Ctx.Redirect(http.StatusFound, redirectUri+"?state="+state)
return return
} }

53
object/application.go
View File

@@ -16,7 +16,6 @@ package object
import ( import (
"fmt" "fmt"
"net/url"
"regexp" "regexp"
"strings" "strings"
@@ -354,52 +353,26 @@ func (application *Application) GetId() string {
return fmt.Sprintf("%s/%s", application.Owner, application.Name) return fmt.Sprintf("%s/%s", application.Owner, application.Name)
} }
func CheckRedirectUriValid(application *Application, redirectUri string) bool { func (application *Application) IsRedirectUriValid(redirectUri string) bool {
validUri := false isValid := false
for _, tmpUri := range application.RedirectUris { for _, targetUri := range application.RedirectUris {
tmpUriRegex := regexp.MustCompile(tmpUri) targetUriRegex := regexp.MustCompile(targetUri)
if tmpUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, tmpUri) { if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
validUri = true isValid = true
break break
} }
} }
return validUri return isValid
} }
func IsAllowOrigin(origin string) bool { func IsOriginAllowed(origin string) bool {
allowOrigin := false applications := GetApplications("")
originUrl, err := url.Parse(origin) for _, application := range applications {
if err != nil { if application.IsRedirectUriValid(origin) {
return false return true
}
rows, err := adapter.Engine.Cols("redirect_uris").Rows(&Application{})
if err != nil {
panic(err)
}
application := Application{}
for rows.Next() {
err := rows.Scan(&application)
if err != nil {
panic(err)
}
for _, tmpRedirectUri := range application.RedirectUris {
u1, err := url.Parse(tmpRedirectUri)
if err != nil {
continue
}
if u1.Scheme == originUrl.Scheme && u1.Host == originUrl.Host {
allowOrigin = true
break
}
}
if allowOrigin {
break
} }
} }
return false
return allowOrigin
} }
func getApplicationMap(organization string) map[string]*Application { func getApplicationMap(organization string) map[string]*Application {

4
object/saml_idp.go
View File

@@ -240,8 +240,8 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
} }
// verify samlRequest // verify samlRequest
if valid := CheckRedirectUriValid(application, authnRequest.Issuer.Url); !valid { if isValid := application.IsRedirectUriValid(authnRequest.Issuer.Url); !isValid {
return "", "", fmt.Errorf("err: invalid issuer url") return "", "", fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer.Url)
} }
// get certificate string // get certificate string

10
object/token.go
View File

@@ -18,7 +18,6 @@ import (
"crypto/sha256" "crypto/sha256"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"strings"
"time" "time"
"github.com/casdoor/casdoor/i18n" "github.com/casdoor/casdoor/i18n"
@@ -253,14 +252,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
return i18n.Translate(lang, "token:Invalid client_id"), nil return i18n.Translate(lang, "token:Invalid client_id"), nil
} }
validUri := false if !application.IsRedirectUriValid(redirectUri) {
for _, tmpUri := range application.RedirectUris {
if strings.Contains(redirectUri, tmpUri) {
validUri = true
break
}
}
if !validUri {
return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application
} }

2
routers/cors_filter.go
View File

@@ -34,7 +34,7 @@ func CorsFilter(ctx *context.Context) {
originConf := conf.GetConfigString("origin") originConf := conf.GetConfigString("origin")
if origin != "" && originConf != "" && origin != originConf { if origin != "" && originConf != "" && origin != originConf {
if object.IsAllowOrigin(origin) { if object.IsOriginAllowed(origin) {
ctx.Output.Header(headerAllowOrigin, origin) ctx.Output.Header(headerAllowOrigin, origin)
ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS") ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS")
ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization") ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")