TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 20:27:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: restrict domain names to alphanumeric characters (#4104)

Browse Source 
* fix: restrict domain names to alphanumeric characters

* improve error message
This commit is contained in:
Livio Spring
2022-08-03 09:25:25 +02:00
committed by GitHub
parent b4d948cc75
commit 6b30be77e6
6 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
internal/command/instance_domain.go
View File

@@ -2,6 +2,7 @@ package command
import (
"context"
"regexp"
"strings"
"github.com/zitadel/zitadel/internal/api/authz"
@@ -14,6 +15,10 @@ import (
"github.com/zitadel/zitadel/internal/repository/project"
)
var (
allowDomainRunes = regexp.MustCompile("^[a-zA-Z0-9\\.\\-]+$")
)
func (c *Commands) AddInstanceDomain(ctx context.Context, instanceDomain string) (*domain.ObjectDetails, error) {
instanceAgg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
validation := c.addInstanceDomain(instanceAgg, instanceDomain, false)
@@ -84,6 +89,9 @@ func (c *Commands) addInstanceDomain(a *instance.Aggregate, instanceDomain strin
if instanceDomain = strings.TrimSpace(instanceDomain); instanceDomain == "" {
return nil, errors.ThrowInvalidArgument(nil, "INST-28nlD", "Errors.Invalid.Argument")
}
if !allowDomainRunes.MatchString(instanceDomain) {
return nil, errors.ThrowInvalidArgument(nil, "INST-S3v3w", "Errors.Instance.Domain.InvalidCharacter")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
domainWriteModel, err := getInstanceDomainWriteModel(ctx, filter, instanceDomain)
if err != nil {