feat: add default redirect uri and handling of unknown usernames (#3616)
* feat: add possibility to ignore username errors on first login screen
* console changes
* fix: handling of unknown usernames (#3445)
* fix: handling of unknown usernames
* fix: handle HideLoginNameSuffix on unknown users
* feat: add default redirect uri on login policy (#3607)
* feat: add default redirect uri on login policy
* fix tests
* feat: Console login policy default redirect (#3613)
* console default redirect
* placeholder
* validate default redirect uri
* allow empty default redirect uri
Co-authored-by: Max Peintner <max@caos.ch>
* remove wrongly cherry picked migration
Co-authored-by: Max Peintner <max@caos.ch>
@@ -1,6 +1,7 @@
|
||||
package domain
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
||||
@@ -19,6 +20,8 @@ type LoginPolicy struct {
|
||||
MultiFactors []MultiFactorType
|
||||
PasswordlessType PasswordlessType
|
||||
HidePasswordReset bool
|
||||
IgnoreUnknownUsernames bool
|
||||
DefaultRedirectURI string
|
||||
PasswordCheckLifetime time.Duration
|
||||
ExternalLoginCheckLifetime time.Duration
|
||||
MFAInitSkipLifetime time.Duration
|
||||
@@ -26,6 +29,24 @@ type LoginPolicy struct {
|
||||
MultiFactorCheckLifetime time.Duration
|
||||
}
|
||||
|
||||
func ValidateDefaultRedirectURI(rawURL string) bool {
|
||||
if rawURL == "" {
|
||||
return true
|
||||
}
|
||||
parsedURL, err := url.Parse(rawURL)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
switch parsedURL.Scheme {
|
||||
case "":
|
||||
return false
|
||||
case "http", "https":
|
||||
return parsedURL.Host != ""
|
||||
default:
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
type IDPProvider struct {
|
||||
models.ObjectRoot
|
||||
Type IdentityProviderType
|
||||
|
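Review bot: The `default:` branch of `ValidateDefaultRedirectURI` returns true for every scheme other than `http`/`https`, so script-capable or local schemes such as `javascript:`, `data:` or `file:` pass validation and can be stored as the policy's `DefaultRedirectURI`. Custom schemes look intentional (the new test accepts `custom://`), and how the login UI consumes the value is not visible in this section, but if it is ever written into a link or client-side navigation rather than a plain `Location` header, an admin-set policy value would execute in end users' browsers. Consider rejecting those schemes ahead of the default, e.g. `case "javascript", "data", "vbscript", "file": return false`, and pinning that with a negative case in `policy_login_test.go`. The exported function also has no doc comment; `// ValidateDefaultRedirectURI reports whether rawURL is empty or an absolute URI; http and https additionally require a host.` would record the contract.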
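--- a/internal/domain/policy_login_test.go
+++ b/internal/domain/policy_login_test.go
@@ -0,0 +1,73 @@
+package domain
+
+import (
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestValidateDefaultRedirectURI(t *testing.T) {
+type args struct {
+rawURL string
+}
+tests := []struct {
+name string
+args args
+want bool
+}{
+{
+"invalid url, false",
+args{
+rawURL: string('\n'),
+},
+false,
+},
+{
+"empty schema, false",
+args{
+rawURL: "url",
+},
+false,
+},
+{
+"empty http host, false",
+args{
+rawURL: "http://",
+},
+false,
+},
+{
+"empty https host, false",
+args{
+rawURL: "https://",
+},
+false,
+},
+{
+"https, ok",
+args{
+rawURL: "https://test",
+},
+true,
+},
+{
+"custom schema, ok",
+args{
+rawURL: "custom://",
+},
+true,
+},
+{
+"empty url, ok",
+args{
+rawURL: "",
+},
+true,
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+assert.Equalf(t, tt.want, ValidateDefaultRedirectURI(tt.args.rawURL), "ValidateDefaultRedirectURI(%v)", tt.args.rawURL)
+})
+}
+}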