mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[MISC] Validate domain set in session is not a wildcard domain. (#1092)
This commit is contained in:
parent
5cc6dfc463
commit
b30b066138
|
@ -46,4 +46,8 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
|
||||||
if configuration.Domain == "" {
|
if configuration.Domain == "" {
|
||||||
validator.Push(errors.New("Set domain of the session object"))
|
validator.Push(errors.New("Set domain of the session object"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if strings.Contains(configuration.Domain, "*") {
|
||||||
|
validator.Push(errors.New("The domain of the session must be the root domain you're protecting instead of a wildcard domain"))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -121,6 +121,17 @@ func TestShouldRaiseErrorWhenDomainNotSet(t *testing.T) {
|
||||||
assert.EqualError(t, validator.Errors()[0], "Set domain of the session object")
|
assert.EqualError(t, validator.Errors()[0], "Set domain of the session object")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestShouldRaiseErrorWhenDomainIsWildcard(t *testing.T) {
|
||||||
|
validator := schema.NewStructValidator()
|
||||||
|
config := newDefaultSessionConfig()
|
||||||
|
config.Domain = "*.example.com"
|
||||||
|
|
||||||
|
ValidateSession(&config, validator)
|
||||||
|
|
||||||
|
assert.Len(t, validator.Errors(), 1)
|
||||||
|
assert.EqualError(t, validator.Errors()[0], "The domain of the session must be the root domain you're protecting instead of a wildcard domain")
|
||||||
|
}
|
||||||
|
|
||||||
func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
|
func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
|
||||||
validator := schema.NewStructValidator()
|
validator := schema.NewStructValidator()
|
||||||
config := newDefaultSessionConfig()
|
config := newDefaultSessionConfig()
|
||||||
|
|
Loading…
Reference in New Issue
Block a user