ValidateWebAuthRedirectUrl validates a RedirectURL passed during OAuth or SAML.
(config *model.Config, redirectURL string)
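// ValidateWebAuthRedirectUrl validates a RedirectURL passed during OAuth or SAML.
//
// It returns nil when the redirect target is either a plain relative reference
// (no scheme and no host) or an absolute URL whose scheme and host are both
// equal to those of the configured SiteURL. It returns a non-nil error when the
// redirect URL cannot be parsed, when SiteURL is unset or unparsable, or when
// the target points at a different scheme or host.
//
// redirectURL is request-supplied and must be treated as untrusted; every
// branch that cannot positively match the site fails closed.
func ValidateWebAuthRedirectUrl(config *model.Config, redirectURL string) error {
	u, err := url.Parse(redirectURL)
	if err != nil {
		return errors.Wrap(err, "failed to parse redirect URL")
	}

	if config.ServiceSettings.SiteURL == nil {
		return errors.New("SiteURL is not configured")
	}

	// Allow relative URLs (no scheme/host) - they're internal paths
	if u.Scheme == "" && u.Host == "" {
		// url.Parse and browsers disagree on some "relative" inputs: Go keeps
		// a backslash as ordinary path data and reads "///host" as an empty
		// authority followed by a path, while browsers that follow the WHATWG
		// URL rules treat a leading run of '/' or '\' as the start of an
		// authority. Reject those forms so a value that parses as relative
		// here cannot be resolved to another host by the client. Leading
		// spaces are skipped first because clients strip them before parsing.
		isSlash := func(c byte) bool { return c == '/' || c == '\\' }
		start := 0
		for start < len(redirectURL) && redirectURL[start] == ' ' {
			start++
		}
		if rest := redirectURL[start:]; len(rest) >= 2 && isSlash(rest[0]) && isSlash(rest[1]) {
			return errors.Errorf("redirect URL %q is not a plain relative path", redirectURL)
		}
		return nil
	}

	siteURL, err := url.Parse(*config.ServiceSettings.SiteURL)
	if err != nil {
		return errors.Wrap(err, "failed to parse SiteURL from config")
	}

	// Absolute URLs must match the site exactly. The host comparison is a
	// plain string equality, so it includes any port and is case-sensitive;
	// a mismatch in either is rejected rather than normalised.
	if u.Scheme != siteURL.Scheme {
		return errors.Errorf("redirect URL scheme %q does not match site URL scheme %q", u.Scheme, siteURL.Scheme)
	}
	if u.Host != siteURL.Host {
		return errors.Errorf("redirect URL host %q does not match site URL host %q", u.Host, siteURL.Host)
	}
	return nil
}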
| 219 | |
| 220 | // Validates Mobile Custom URL Scheme passed during OAuth or SAML |
| 221 | func IsValidMobileAuthRedirectURL(config *model.Config, redirectURL string) bool { |