[MISC] Validate domain set in session is not a wildcard domain. (#1092)

This commit is contained in:
Clément Michaud 2020-06-07 17:47:02 +02:00 committed by GitHub
parent 5cc6dfc463
commit b30b066138
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 0 deletions

View File

@ -46,4 +46,8 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
if configuration.Domain == "" {
validator.Push(errors.New("Set domain of the session object"))
}
if strings.Contains(configuration.Domain, "*") {
validator.Push(errors.New("The domain of the session must be the root domain you're protecting instead of a wildcard domain"))
}
}

View File

@ -121,6 +121,17 @@ func TestShouldRaiseErrorWhenDomainNotSet(t *testing.T) {
assert.EqualError(t, validator.Errors()[0], "Set domain of the session object")
}
func TestShouldRaiseErrorWhenDomainIsWildcard(t *testing.T) {
validator := schema.NewStructValidator()
config := newDefaultSessionConfig()
config.Domain = "*.example.com"
ValidateSession(&config, validator)
assert.Len(t, validator.Errors(), 1)
assert.EqualError(t, validator.Errors()[0], "The domain of the session must be the root domain you're protecting instead of a wildcard domain")
}
func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
validator := schema.NewStructValidator()
config := newDefaultSessionConfig()