authelia/internal/utils/safe_redirection.go

package utils

import (
	"fmt"
	"net/url"
	"strings"
)

// IsRedirectionSafe determines whether the URL is safe to be redirected to.
func IsRedirectionSafe(url url.URL, protectedDomain string) bool {
	if url.Scheme != "https" {
		return false
	}

	if !strings.HasSuffix(url.Hostname(), protectedDomain) {
		return false
	}

	return true
}

// IsRedirectionURISafe determines whether the URI is safe to be redirected to.
func IsRedirectionURISafe(uri, protectedDomain string) (bool, error) {
	targetURL, err := url.ParseRequestURI(uri)

	if err != nil {
		return false, fmt.Errorf("Unable to parse redirection URI %s: %w", uri, err)
	}

	return targetURL != nil && IsRedirectionSafe(*targetURL, protectedDomain), nil
}
[FIX] Fix default redirection URL not taken into account (#600) * Remove unused mongo docker-compose file. * Default redirection URL was not taken into account. * Fix possible storage options in config template. * Remove useless checks in u2f registration endpoints. * Add default redirection url in config of duo suite. * Fix log line in response handler of 2FA methods. * Fix integration tests. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2020-02-01 19:54:50 +07:00			`package utils`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-25 04:52:08 +07:00
			`import (`
fix: user is now redirected when authenticated (#2082) * fix(handlers,web): user is now redirected when authenticated Fix: #1788 * remove dead code and fix ci issues * fix infinite loop in frontend * fix issue with integration tests * handle bot recommendation * fix integration test & add dot to comment * fix last integration test * Update api/openapi.yml Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update api/openapi.yml * Update openapi.yml * refactor: valid -> safe * refactor: adjust merge conflicts * Apply suggestions from code review Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * fix: adjust test return messaging Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-02 13:15:38 +07:00			`"fmt"`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-25 04:52:08 +07:00			`"net/url"`
			`"strings"`
			`)`

fix: user is now redirected when authenticated (#2082) * fix(handlers,web): user is now redirected when authenticated Fix: #1788 * remove dead code and fix ci issues * fix infinite loop in frontend * fix issue with integration tests * handle bot recommendation * fix integration test & add dot to comment * fix last integration test * Update api/openapi.yml Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update api/openapi.yml * Update openapi.yml * refactor: valid -> safe * refactor: adjust merge conflicts * Apply suggestions from code review Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * fix: adjust test return messaging Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-02 13:15:38 +07:00			`// IsRedirectionSafe determines whether the URL is safe to be redirected to.`
[FIX] Fix default redirection URL not taken into account (#600) * Remove unused mongo docker-compose file. * Default redirection URL was not taken into account. * Fix possible storage options in config template. * Remove useless checks in u2f registration endpoints. * Add default redirection url in config of duo suite. * Fix log line in response handler of 2FA methods. * Fix integration tests. Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2020-02-01 19:54:50 +07:00			`func IsRedirectionSafe(url url.URL, protectedDomain string) bool {`
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-25 04:52:08 +07:00			`if url.Scheme != "https" {`
			`return false`
			`}`

			`if !strings.HasSuffix(url.Hostname(), protectedDomain) {`
			`return false`
			`}`
[CI] Add wsl linter (#980) * [CI] Add wsl linter * Implement wsl recommendations Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-06 02:35:32 +07:00
Bootstrap Go implementation of Authelia. This is going to be the v4. Expected improvements: - More reliable due to static typing. - Bump of performance. - Improvement of logging. - Authelia can be shipped as a single binary. - Will likely work on ARM architecture. 2019-04-25 04:52:08 +07:00			`return true`
			`}`
fix: user is now redirected when authenticated (#2082) * fix(handlers,web): user is now redirected when authenticated Fix: #1788 * remove dead code and fix ci issues * fix infinite loop in frontend * fix issue with integration tests * handle bot recommendation * fix integration test & add dot to comment * fix last integration test * Update api/openapi.yml Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update web/src/services/SafeRedirection.ts Co-authored-by: Amir Zarrinkafsh <nightah@me.com> * Update api/openapi.yml * Update openapi.yml * refactor: valid -> safe * refactor: adjust merge conflicts * Apply suggestions from code review Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> * fix: adjust test return messaging Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2021-08-02 13:15:38 +07:00
			`// IsRedirectionURISafe determines whether the URI is safe to be redirected to.`
			`func IsRedirectionURISafe(uri, protectedDomain string) (bool, error) {`
			`targetURL, err := url.ParseRequestURI(uri)`

			`if err != nil {`
			`return false, fmt.Errorf("Unable to parse redirection URI %s: %w", uri, err)`
			`}`

			`return targetURL != nil && IsRedirectionSafe(*targetURL, protectedDomain), nil`
			`}`