Skip to content

Commit

Permalink
Merge pull request #942 from lijamie98/feature/anchor-328-fix-sep-10-…
Browse files Browse the repository at this point in the history
…domain-validation

[ANCHOR-328] Add homeDomain and webAuthDomain length validation
  • Loading branch information
lijamie98 authored Jun 14, 2023
2 parents 401009b + 73989f1 commit 6cbaa48
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 15 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
import org.stellar.anchor.config.Sep10Config;
import org.stellar.anchor.util.ListHelper;
import org.stellar.anchor.util.NetUtil;
import org.stellar.sdk.KeyPair;
import org.stellar.sdk.*;

@Data
public class PropertySep10Config implements Sep10Config, Validator {
Expand Down Expand Up @@ -87,6 +87,18 @@ void validateConfig(Errors errors) {
errors.rejectValue(
"homeDomain", "home-domain-empty", "The sep10.home_domain is not defined.");
} else {
try {
new ManageDataOperation.Builder(String.format("%s %s", homeDomain, "auth"), new byte[64])
.build();
} catch (IllegalArgumentException iaex) {
errors.rejectValue(
"homeDomain",
"sep10-home-domain-too-long",
format(
"The sep10.home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
homeDomain, iaex));
}

if (!NetUtil.isServerPortValid(homeDomain)) {
errors.rejectValue(
"homeDomain",
Expand All @@ -96,6 +108,17 @@ void validateConfig(Errors errors) {
}

if (isNotEmpty(webAuthDomain)) {
try {
new ManageDataOperation.Builder(webAuthDomain, new byte[64]).build();
} catch (IllegalArgumentException iaex) {
errors.rejectValue(
"webAuthDomain",
"sep10-web-auth-domain-too-long",
format(
"The sep10.web_auth_home_domain (%s) is longer than the maximum length (64) of a domain. Error=%s",
webAuthDomain, iaex));
}

if (!NetUtil.isServerPortValid(webAuthDomain)) {
errors.rejectValue(
"webAuthDomain",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ import org.junit.jupiter.api.Assertions.*
import org.junit.jupiter.api.BeforeEach
import org.junit.jupiter.api.Test
import org.junit.jupiter.params.ParameterizedTest
import org.junit.jupiter.params.provider.CsvSource
import org.junit.jupiter.params.provider.MethodSource
import org.junit.jupiter.params.provider.NullSource
import org.junit.jupiter.params.provider.ValueSource
Expand Down Expand Up @@ -138,31 +139,42 @@ class Sep10ConfigTest {
}

@ParameterizedTest
@ValueSource(strings = ["stellar .org", "abc", "299.0.0.1"])
fun `test invalid web auth domains`(value: String) {
@CsvSource(
value =
[
"this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-web-auth-domain.stellar.org,sep10-web-auth-domain-too-long",
"stellar .org,sep10-web-auth-domain-invalid",
"abc,sep10-web-auth-domain-invalid",
"299.0.0.1,sep10-web-auth-domain-invalid",
]
)
fun `test invalid web auth domains`(value: String, expectedErrorCode: String) {
config.webAuthDomain = value
config.validateConfig(errors)
assertTrue(errors.hasErrors())
assertErrorCode(errors, "sep10-web-auth-domain-invalid")
assertErrorCode(errors, expectedErrorCode)
}

@ParameterizedTest
@ValueSource(
strings =
@CsvSource(
value =
[
"stellar .org",
"abc",
"299.0.0.1",
"http://stellar.org",
"https://stellar.org",
"://stellar.org"
"this-is-longer-than-64-bytes-which-is-the-maximum-length-for-a-home-domain.stellar.org,sep10-home-domain-too-long",
"stellar .org,sep10-home-domain-invalid",
"abc,sep10-home-domain-invalid",
"299.0.0.1,sep10-home-domain-invalid",
"http://stellar.org,sep10-home-domain-invalid",
"https://stellar.org,sep10-home-domain-invalid",
"://stellar.org,sep10-home-domain-invalid",
]
)
fun `test invalid home domains`(value: String) {
fun `test invalid home domains`(value: String, expectedErrorCode: String) {
config.homeDomain = value
config.validateConfig(errors)
assertTrue(errors.hasErrors())
assertErrorCode(errors, "sep10-home-domain-invalid")
assertErrorCode(errors, expectedErrorCode)
}

@Test
fun `test if web_auth_domain is not set, default to the domain of the host_url`() {
config.webAuthDomain = null
Expand All @@ -172,7 +184,7 @@ class Sep10ConfigTest {
}

@Test
fun `test if web_auth_domain is set, it is not default to the domain of the host_url`() {
fun `test if web_auth_domain is set, it is not default to the domain of the host_url`() {
config.webAuthDomain = "localhost:8080"
config.homeDomain = "www.stellar.org"
config.postConstruct()
Expand Down

0 comments on commit 6cbaa48

Please sign in to comment.