fix: fix domain validator with port but no scheme and https or http

This commit is contained in:
Stavros
2026-07-18 18:17:24 +03:00
parent d6087dc45e
commit 50c25e4478
3 changed files with 33 additions and 11 deletions
@@ -113,14 +113,6 @@ func TestOAuthController_isRedirectSafe(t *testing.T) {
redirectURI: "https:/malicious", redirectURI: "https:/malicious",
expected: false, expected: false,
}, },
{
description: "Redirect URI without scheme returns false",
appURL: "https://tinyauth.example.com",
cookieDomain: "example.com",
subdomainsEnabled: true,
redirectURI: "tinyauth.example.com",
expected: false,
},
{ {
description: "Relative redirect URI returns false", description: "Relative redirect URI returns false",
appURL: "https://tinyauth.example.com", appURL: "https://tinyauth.example.com",
+1 -1
View File
@@ -63,7 +63,7 @@ func (v *DomainValidator) getURL(i string) (*url.URL, error) {
return nil, ErrInvalidURL return nil, ErrInvalidURL
} }
if v.opts.WithPort && !v.opts.WithScheme && u.Port() == "" { if v.opts.WithPort && u.Port() == "" && (u.Scheme != "http" && u.Scheme != "https") {
return nil, fmt.Errorf("port validation is enabled but port is missing in input url and schemes are not enabled") return nil, fmt.Errorf("port validation is enabled but port is missing in input url and schemes are not enabled")
} }
+32 -2
View File
@@ -104,6 +104,24 @@ func TestDomainValidator_SafeHostname(t *testing.T) {
assert.ErrorContains(t, e, "input url is missing scheme") assert.ErrorContains(t, e, "input url is missing scheme")
}, },
}, },
{
description: "With port enabled but without scheme and url with https should work",
options: DomainValidatorOptions{WithPort: true},
input: "https://example.com",
expected: "example.com",
},
{
description: "With port enabled but without scheme and url with http should work",
options: DomainValidatorOptions{WithPort: true},
input: "http://example.com",
expected: "example.com",
},
{
description: "With port enabled but without scheme and url with port should work",
options: DomainValidatorOptions{WithPort: true},
input: "example.com:8080",
expected: "example.com",
},
} }
for _, test := range tests { for _, test := range tests {
@@ -194,7 +212,7 @@ func TestDomainValidator_Validate(t *testing.T) {
expected: "ssh://example.com:22", expected: "ssh://example.com:22",
actual: "ssh://example.com", actual: "ssh://example.com",
errorFunc: func(t *testing.T, e error) { errorFunc: func(t *testing.T, e error) {
assert.ErrorContains(t, e, "failed to get effective port for url") assert.ErrorContains(t, e, "port validation is enabled but port is missing in input url and schemes are not enabled")
}, },
}, },
{ {
@@ -203,9 +221,21 @@ func TestDomainValidator_Validate(t *testing.T) {
expected: "ssh://example.com", expected: "ssh://example.com",
actual: "ssh://example.com:22", actual: "ssh://example.com:22",
errorFunc: func(t *testing.T, e error) { errorFunc: func(t *testing.T, e error) {
assert.ErrorContains(t, e, "failed to get effective port for url") assert.ErrorContains(t, e, "port validation is enabled but port is missing in input url and schemes are not enabled")
}, },
}, },
{
description: "Port enabled but no scheme and https scheme should pass",
options: DomainValidatorOptions{WithPort: true},
expected: "https://example.com",
actual: "https://example.com",
},
{
description: "Port enabled but no scheme and http scheme should pass",
options: DomainValidatorOptions{WithPort: true},
expected: "http://example.com",
actual: "http://example.com",
},
{ {
description: "Port validation with port and no scheme should fail with different port", description: "Port validation with port and no scheme should fail with different port",
options: DomainValidatorOptions{WithPort: true}, options: DomainValidatorOptions{WithPort: true},