diff --git a/internal/controller/oauth_controller_test.go b/internal/controller/oauth_controller_test.go index c843eaf9..80939ab2 100644 --- a/internal/controller/oauth_controller_test.go +++ b/internal/controller/oauth_controller_test.go @@ -113,14 +113,6 @@ func TestOAuthController_isRedirectSafe(t *testing.T) { redirectURI: "https:/malicious", expected: false, }, - { - description: "Redirect URI without scheme returns false", - appURL: "https://tinyauth.example.com", - cookieDomain: "example.com", - subdomainsEnabled: true, - redirectURI: "tinyauth.example.com", - expected: false, - }, { description: "Relative redirect URI returns false", appURL: "https://tinyauth.example.com", diff --git a/pkg/validators/domain_validator.go b/pkg/validators/domain_validator.go index adeb7a85..c16966f4 100644 --- a/pkg/validators/domain_validator.go +++ b/pkg/validators/domain_validator.go @@ -63,7 +63,7 @@ func (v *DomainValidator) getURL(i string) (*url.URL, error) { return nil, ErrInvalidURL } - if v.opts.WithPort && !v.opts.WithScheme && u.Port() == "" { + if v.opts.WithPort && u.Port() == "" && (u.Scheme != "http" && u.Scheme != "https") { return nil, fmt.Errorf("port validation is enabled but port is missing in input url and schemes are not enabled") } diff --git a/pkg/validators/domain_validator_test.go b/pkg/validators/domain_validator_test.go index a3df8701..9789b139 100644 --- a/pkg/validators/domain_validator_test.go +++ b/pkg/validators/domain_validator_test.go @@ -104,6 +104,24 @@ func TestDomainValidator_SafeHostname(t *testing.T) { assert.ErrorContains(t, e, "input url is missing scheme") }, }, + { + description: "With port enabled but without scheme and url with https should work", + options: DomainValidatorOptions{WithPort: true}, + input: "https://example.com", + expected: "example.com", + }, + { + description: "With port enabled but without scheme and url with http should work", + options: DomainValidatorOptions{WithPort: true}, + input: "http://example.com", + expected: "example.com", + }, + { + description: "With port enabled but without scheme and url with port should work", + options: DomainValidatorOptions{WithPort: true}, + input: "example.com:8080", + expected: "example.com", + }, } for _, test := range tests { @@ -194,7 +212,7 @@ func TestDomainValidator_Validate(t *testing.T) { expected: "ssh://example.com:22", actual: "ssh://example.com", errorFunc: func(t *testing.T, e error) { - assert.ErrorContains(t, e, "failed to get effective port for url") + assert.ErrorContains(t, e, "port validation is enabled but port is missing in input url and schemes are not enabled") }, }, { @@ -203,9 +221,21 @@ func TestDomainValidator_Validate(t *testing.T) { expected: "ssh://example.com", actual: "ssh://example.com:22", errorFunc: func(t *testing.T, e error) { - assert.ErrorContains(t, e, "failed to get effective port for url") + assert.ErrorContains(t, e, "port validation is enabled but port is missing in input url and schemes are not enabled") }, }, + { + description: "Port enabled but no scheme and https scheme should pass", + options: DomainValidatorOptions{WithPort: true}, + expected: "https://example.com", + actual: "https://example.com", + }, + { + description: "Port enabled but no scheme and http scheme should pass", + options: DomainValidatorOptions{WithPort: true}, + expected: "http://example.com", + actual: "http://example.com", + }, { description: "Port validation with port and no scheme should fail with different port", options: DomainValidatorOptions{WithPort: true},