hub / github.com/mattermost/mattermost / ValidateWebAuthRedirectUrl

Function ValidateWebAuthRedirectUrl

server/channels/utils/utils.go:192–218  ·  view source on GitHub ↗

ValidateWebAuthRedirectUrl validates a RedirectURL passed during OAuth or SAML.

(config *model.Config, redirectURL string)

Source from the content-addressed store, hash-verified

190
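// ValidateWebAuthRedirectUrl validates a RedirectURL passed during OAuth or SAML.
//
// A redirect target is accepted when it is either a relative reference (no
// scheme and no host) or an absolute URL whose scheme and host both equal those
// of config.ServiceSettings.SiteURL. It returns nil when the URL is acceptable
// and a descriptive error otherwise, including when SiteURL is unset or cannot
// be parsed.
//
// Relative references are additionally rejected when they contain a backslash
// or when their path begins with "//". url.Parse reports no host for such
// values, but browsers can resolve them to a different origin, which would turn
// an "internal path" into an off-site redirect.
//
// NOTE(review): the host comparison is an exact string match, so letter case
// and an explicit default port are significant; confirm SiteURL is stored in
// the same form that callers send.
func ValidateWebAuthRedirectUrl(config *model.Config, redirectURL string) error {
	u, err := url.Parse(redirectURL)
	if err != nil {
		return errors.Wrap(err, "failed to parse redirect URL")
	}

	if config.ServiceSettings.SiteURL == nil {
		return errors.New("SiteURL is not configured")
	}

	// Allow relative URLs (no scheme/host) - they're internal paths.
	if u.Scheme == "" && u.Host == "" {
		// The parser's view of "no host" is not enough on its own: the value
		// is ultimately interpreted by a browser, so refuse the forms whose
		// browser interpretation can differ from the parsed one.
		for i := 0; i < len(redirectURL); i++ {
			if redirectURL[i] == '\\' {
				return errors.New("relative redirect URL must not contain a backslash")
			}
		}
		// EscapedPath keeps percent-encoding intact, so an encoded slash in a
		// legitimate path is not mistaken for a literal leading "//".
		if p := u.EscapedPath(); len(p) > 1 && p[0] == '/' && p[1] == '/' {
			return errors.New("relative redirect URL path must not start with \"//\"")
		}
		return nil
	}

	siteURL, err := url.Parse(*config.ServiceSettings.SiteURL)
	if err != nil {
		return errors.Wrap(err, "failed to parse SiteURL from config")
	}

	// Absolute URLs must stay on the configured site: same scheme, same host.
	if u.Scheme != siteURL.Scheme {
		return errors.Errorf("redirect URL scheme %q does not match site URL scheme %q", u.Scheme, siteURL.Scheme)
	}
	if u.Host != siteURL.Host {
		return errors.Errorf("redirect URL host %q does not match site URL host %q", u.Host, siteURL.Host)
	}
	return nil
}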
219
220// Validates Mobile Custom URL Scheme passed during OAuth or SAML
221func IsValidMobileAuthRedirectURL(config *model.Config, redirectURL string) bool {

Callers 1

Calls 3

ErrorfMethod · 0.65
ParseMethod · 0.45
WrapMethod · 0.45

Tested by 1
