Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rule-restricted wildcard match of single subdomain #488 #1783

Closed
wants to merge 6 commits into from

Conversation

tom-haines
Copy link
Contributor

@tom-haines tom-haines commented Aug 19, 2020

Add support for rule-restricted wildcard match of lowest-level subdomain via LRU cache.

This PR:

@tom-haines tom-haines force-pushed the 448-redirect-uri-regex branch from a4a0a0a to 2737347 Compare August 19, 2020 10:29
@tom-haines tom-haines closed this Aug 19, 2020
@tom-haines tom-haines deleted the 448-redirect-uri-regex branch August 19, 2020 10:30
@tom-haines tom-haines restored the 448-redirect-uri-regex branch August 19, 2020 10:30
@tom-haines tom-haines reopened this Aug 19, 2020
@tom-haines tom-haines force-pushed the 448-redirect-uri-regex branch from aab3288 to cb7d216 Compare August 19, 2020 16:15
@tom-haines tom-haines force-pushed the 448-redirect-uri-regex branch 2 times, most recently from 33d7e53 to d036770 Compare August 20, 2020 07:41
@tom-haines
Copy link
Contributor Author

tom-haines commented Aug 20, 2020

@postmaxin
I've added globber support and zero, one or more wildcards (wildcards operate within single subdomain portion only).
I also took opportunity to clean up performance and testing aspects, and to use the matcher only on the hostname component to avoid injection type issues as we can enforce end of host stream matches e.g. "example.com" which could otherwise be added to the path component of the URL.
Docs updated.
It's designed in a way that should support utf-8 primary domains as well for cyrillic chars etc.
Ready for next review.

@@ -575,7 +588,8 @@ func validateRedirectURI(client storage.Client, redirectURI string) bool {
if err != nil {
return false
}
if u.Scheme != "http" {
// public clients should use http or https (#1300)
if u.Scheme != "http" && u.Scheme != "https" {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was discussed in open issue #1300 – it was a quick/logical quick so included here, but not relevant to main issue of wildcard support.

@carpenike
Copy link

Would also like to see this as well.

@sukolenvo sukolenvo force-pushed the 448-redirect-uri-regex branch from 7b626e8 to 37fa1fe Compare September 3, 2020 10:26
@sagikazarmark sagikazarmark self-requested a review September 4, 2020 18:34
@jvanzyl
Copy link

jvanzyl commented Sep 23, 2020

This would be awesome to get into the next release! I know everyone is busy but it would be great if this can be reviewed!

tom-haines and others added 5 commits October 28, 2020 10:45
…ildcard matcher to operate within host portion of URL to ensure immune to injection type patterns in the path

Signed-off-by: Thomas Haines <[email protected]>
@sukolenvo sukolenvo force-pushed the 448-redirect-uri-regex branch from 37fa1fe to d195453 Compare October 28, 2020 02:49
Signed-off-by: vadym <[email protected]>
@Smana
Copy link

Smana commented Apr 5, 2021

Looking forward testing this, could we help making this feature its way to the next release.

gertd added a commit to aserto-dev/dex that referenced this pull request Nov 9, 2021
@tom-haines tom-haines closed this Mar 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants