From a814efc73e9f72c6a47d597e26c377388ca5c9d3 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Wed, 14 Aug 2024 14:01:52 -0500 Subject: [PATCH 1/9] fix: validate RedirectURIs when saving an Oauth2 Application --- modules/validation/binding.go | 29 +++++++++++++++++++++++ routers/web/user/setting/oauth2_common.go | 15 ++++++++++++ services/forms/user_form.go | 2 +- 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/modules/validation/binding.go b/modules/validation/binding.go index cb0a5063e509b..1a735c22b3934 100644 --- a/modules/validation/binding.go +++ b/modules/validation/binding.go @@ -10,6 +10,7 @@ import ( "code.gitea.io/gitea/modules/auth" "code.gitea.io/gitea/modules/git" + "code.gitea.io/gitea/modules/util" "gitea.com/go-chi/binding" "github.com/gobwas/glob" @@ -31,6 +32,7 @@ const ( // AddBindingRules adds additional binding rules func AddBindingRules() { addGitRefNameBindingRule() + addValidURLListBindingRule() addValidURLBindingRule() addValidSiteURLBindingRule() addGlobPatternRule() @@ -58,6 +60,33 @@ func addGitRefNameBindingRule() { }) } +func addValidURLListBindingRule() { + // URL validation rule + binding.AddRule(&binding.Rule{ + IsMatch: func(rule string) bool { + return strings.HasPrefix(rule, "ValidUrlList") + }, + IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { + str := fmt.Sprintf("%v", val) + if len(str) == 0 { + errs.Add([]string{name}, binding.ERR_URL, "Url") + return false, errs + } + + ok := true + urls := util.SplitTrimSpace(str, "\n") + for _, u := range urls { + if !IsValidURL(u) { + ok = false + errs.Add([]string{"RedirectURIs"}, binding.ERR_URL, u) + } + } + + return ok, errs + }, + }) +} + func addValidURLBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ diff --git a/routers/web/user/setting/oauth2_common.go b/routers/web/user/setting/oauth2_common.go index 6029d7bedb0a6..8b5d6cdf8a6dd 100644 --- a/routers/web/user/setting/oauth2_common.go +++ b/routers/web/user/setting/oauth2_common.go @@ -96,6 +96,21 @@ func (oa *OAuth2CommonHandlers) EditSave(ctx *context.Context) { form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm) if ctx.HasError() { + app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id")) + if err != nil { + if auth.IsErrOAuthApplicationNotFound(err) { + ctx.NotFound("Application not found", err) + return + } + ctx.ServerError("GetOAuth2ApplicationByID", err) + return + } + if app.UID != oa.OwnerID { + ctx.NotFound("Application not found", nil) + return + } + ctx.Data["App"] = app + oa.renderEditPage(ctx) return } diff --git a/services/forms/user_form.go b/services/forms/user_form.go index 5b7a43642ab2f..9e0069c482c6b 100644 --- a/services/forms/user_form.go +++ b/services/forms/user_form.go @@ -366,7 +366,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) { // EditOAuth2ApplicationForm form for editing oauth2 applications type EditOAuth2ApplicationForm struct { Name string `binding:"Required;MaxSize(255)" form:"application_name"` - RedirectURIs string `binding:"Required" form:"redirect_uris"` + RedirectURIs string `binding:"Required,ValidUrlList" form:"redirect_uris"` ConfidentialClient bool `form:"confidential_client"` SkipSecondaryAuthorization bool `form:"skip_secondary_authorization"` } From 6ce43abafb023ae21b29c84462476091855df144 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Thu, 15 Aug 2024 13:35:15 -0500 Subject: [PATCH 2/9] test: avoid loading fixtures in user settings tests --- tests/integration/user_settings_test.go | 49 +++++++++++++++---------- 1 file changed, 30 insertions(+), 19 deletions(-) diff --git a/tests/integration/user_settings_test.go b/tests/integration/user_settings_test.go index 2103c92d58372..2f22837749545 100644 --- a/tests/integration/user_settings_test.go +++ b/tests/integration/user_settings_test.go @@ -51,8 +51,10 @@ func WithDisabledFeatures(t *testing.T, features ...string) { } func TestUserSettingsAccount(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("all features enabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() session := loginUser(t, "user2") req := NewRequest(t, "GET", "/user/settings/account") @@ -68,7 +70,7 @@ func TestUserSettingsAccount(t *testing.T) { }) t.Run("credentials disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials) @@ -85,7 +87,7 @@ func TestUserSettingsAccount(t *testing.T) { }) t.Run("deletion disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureDeletion) @@ -102,7 +104,7 @@ func TestUserSettingsAccount(t *testing.T) { }) t.Run("deletion, credentials and email notifications are disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() mail := setting.Service.EnableNotifyMail setting.Service.EnableNotifyMail = false @@ -119,8 +121,10 @@ func TestUserSettingsAccount(t *testing.T) { } func TestUserSettingsUpdatePassword(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("enabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() session := loginUser(t, "user2") @@ -138,7 +142,7 @@ func TestUserSettingsUpdatePassword(t *testing.T) { }) t.Run("credentials disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials) @@ -156,8 +160,10 @@ func TestUserSettingsUpdatePassword(t *testing.T) { } func TestUserSettingsUpdateEmail(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("credentials disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials) @@ -175,8 +181,10 @@ func TestUserSettingsUpdateEmail(t *testing.T) { } func TestUserSettingsDeleteEmail(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("credentials disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials) @@ -194,8 +202,10 @@ func TestUserSettingsDeleteEmail(t *testing.T) { } func TestUserSettingsDelete(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("deletion disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureDeletion) @@ -224,9 +234,10 @@ func TestUserSettingsAppearance(t *testing.T) { } func TestUserSettingsSecurity(t *testing.T) { - t.Run("credentials disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrepareTestEnv(t)() + t.Run("credentials disabled", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials) session := loginUser(t, "user2") @@ -240,8 +251,7 @@ func TestUserSettingsSecurity(t *testing.T) { }) t.Run("mfa disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() - + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageMFA) session := loginUser(t, "user2") @@ -255,8 +265,7 @@ func TestUserSettingsSecurity(t *testing.T) { }) t.Run("credentials and mfa disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() - + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageCredentials, setting.UserFeatureManageMFA) session := loginUser(t, "user2") @@ -277,8 +286,10 @@ func TestUserSettingsApplications(t *testing.T) { } func TestUserSettingsKeys(t *testing.T) { + defer tests.PrepareTestEnv(t)() + t.Run("all enabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() session := loginUser(t, "user2") req := NewRequest(t, "GET", "/user/settings/keys") @@ -292,7 +303,7 @@ func TestUserSettingsKeys(t *testing.T) { }) t.Run("ssh keys disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageSSHKeys) @@ -308,7 +319,7 @@ func TestUserSettingsKeys(t *testing.T) { }) t.Run("gpg keys disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageGPGKeys) @@ -324,7 +335,7 @@ func TestUserSettingsKeys(t *testing.T) { }) t.Run("ssh & gpg keys disabled", func(t *testing.T) { - defer tests.PrepareTestEnv(t)() + defer tests.PrintCurrentTest(t)() WithDisabledFeatures(t, setting.UserFeatureManageSSHKeys, setting.UserFeatureManageGPGKeys) From 6c2ae7f9201e2e38a21bdb5e407a7384f5a30a3f Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Thu, 15 Aug 2024 14:03:06 -0500 Subject: [PATCH 3/9] test: add tests to verify that invalid redirects result in an error message --- tests/integration/user_settings_test.go | 56 ++++++++++++++++++++++--- 1 file changed, 51 insertions(+), 5 deletions(-) diff --git a/tests/integration/user_settings_test.go b/tests/integration/user_settings_test.go index 2f22837749545..2df311b9f5ac0 100644 --- a/tests/integration/user_settings_test.go +++ b/tests/integration/user_settings_test.go @@ -10,6 +10,8 @@ import ( "code.gitea.io/gitea/modules/container" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/tests" + + "github.com/stretchr/testify/assert" ) // Validate that each navbar setting is correct. This checks that the @@ -277,12 +279,56 @@ func TestUserSettingsSecurity(t *testing.T) { func TestUserSettingsApplications(t *testing.T) { defer tests.PrepareTestEnv(t)() - session := loginUser(t, "user2") - req := NewRequest(t, "GET", "/user/settings/applications") - resp := session.MakeRequest(t, req, http.StatusOK) - doc := NewHTMLParser(t, resp.Body) + t.Run("Applications", func(t *testing.T) { + session := loginUser(t, "user2") + req := NewRequest(t, "GET", "/user/settings/applications") + resp := session.MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) - assertNavbar(t, doc) + assertNavbar(t, doc) + }) + + t.Run("OAuth2", func(t *testing.T) { + session := loginUser(t, "user2") + + t.Run("OAuth2ApplicationShow", func(t *testing.T) { + req := NewRequest(t, "GET", "/user/settings/applications/oauth2/2") + resp := session.MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) + + assertNavbar(t, doc) + }) + + t.Run("OAuthApplicationsEdit", func(t *testing.T) { + req := NewRequest(t, "GET", "/user/settings/applications/oauth2/2") + resp := session.MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) + + t.Run("Invalid URL", func(t *testing.T) { + req := NewRequestWithValues(t, "POST", "/user/settings/applications/oauth2/2", map[string]string{ + "_csrf": doc.GetCSRF(), + "application_name": "Test native app", + "redirect_uris": "ftp://127.0.0.1", + "confidential_client": "false", + }) + resp := session.MakeRequest(t, req, http.StatusOK) + doc := NewHTMLParser(t, resp.Body) + + msg := doc.Find(".flash-error p").Text() + assert.Equal(t, `form.RedirectURIs"ftp://127.0.0.1" is not a valid URL.`, msg) + }) + + t.Run("OK", func(t *testing.T) { + req := NewRequestWithValues(t, "POST", "/user/settings/applications/oauth2/2", map[string]string{ + "_csrf": doc.GetCSRF(), + "application_name": "Test native app", + "redirect_uris": "http://127.0.0.1", + "confidential_client": "false", + }) + session.MakeRequest(t, req, http.StatusSeeOther) + }) + }) + }) } func TestUserSettingsKeys(t *testing.T) { From 3fbfdb25beb9230b7e0402b80b8678baceb4ab9a Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Thu, 15 Aug 2024 14:11:40 -0500 Subject: [PATCH 4/9] fix: remove TODO --- routers/web/user/setting/oauth2_common.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/routers/web/user/setting/oauth2_common.go b/routers/web/user/setting/oauth2_common.go index 8b5d6cdf8a6dd..68016b8dfffaf 100644 --- a/routers/web/user/setting/oauth2_common.go +++ b/routers/web/user/setting/oauth2_common.go @@ -47,7 +47,6 @@ func (oa *OAuth2CommonHandlers) AddApp(ctx *context.Context) { return } - // TODO validate redirect URI app, err := auth.CreateOAuth2Application(ctx, auth.CreateOAuth2ApplicationOptions{ Name: form.Name, RedirectURIs: util.SplitTrimSpace(form.RedirectURIs, "\n"), @@ -115,7 +114,6 @@ func (oa *OAuth2CommonHandlers) EditSave(ctx *context.Context) { return } - // TODO validate redirect URI var err error if ctx.Data["App"], err = auth.UpdateOAuth2Application(ctx, auth.UpdateOAuth2ApplicationOptions{ ID: ctx.PathParamInt64("id"), From 1bdfb9444e4bd21ce2695f9638ba1a4d5589e80e Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Mon, 25 Nov 2024 15:28:10 -0600 Subject: [PATCH 5/9] fix: update for main --- routers/web/user/setting/oauth2_common.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/web/user/setting/oauth2_common.go b/routers/web/user/setting/oauth2_common.go index 68016b8dfffaf..e93e9e19548b4 100644 --- a/routers/web/user/setting/oauth2_common.go +++ b/routers/web/user/setting/oauth2_common.go @@ -95,7 +95,7 @@ func (oa *OAuth2CommonHandlers) EditSave(ctx *context.Context) { form := web.GetForm(ctx).(*forms.EditOAuth2ApplicationForm) if ctx.HasError() { - app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.ParamsInt64("id")) + app, err := auth.GetOAuth2ApplicationByID(ctx, ctx.PathParamInt64("id")) if err != nil { if auth.IsErrOAuthApplicationNotFound(err) { ctx.NotFound("Application not found", err) From ce4145f028b694f0307f16081a97ae5750737569 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Mon, 25 Nov 2024 15:31:51 -0600 Subject: [PATCH 6/9] test: add missing PrintCurrentTest --- tests/integration/user_settings_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/integration/user_settings_test.go b/tests/integration/user_settings_test.go index 2df311b9f5ac0..d8402eb25f180 100644 --- a/tests/integration/user_settings_test.go +++ b/tests/integration/user_settings_test.go @@ -280,6 +280,8 @@ func TestUserSettingsApplications(t *testing.T) { defer tests.PrepareTestEnv(t)() t.Run("Applications", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + session := loginUser(t, "user2") req := NewRequest(t, "GET", "/user/settings/applications") resp := session.MakeRequest(t, req, http.StatusOK) @@ -289,9 +291,13 @@ func TestUserSettingsApplications(t *testing.T) { }) t.Run("OAuth2", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + session := loginUser(t, "user2") t.Run("OAuth2ApplicationShow", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + req := NewRequest(t, "GET", "/user/settings/applications/oauth2/2") resp := session.MakeRequest(t, req, http.StatusOK) doc := NewHTMLParser(t, resp.Body) @@ -300,11 +306,15 @@ func TestUserSettingsApplications(t *testing.T) { }) t.Run("OAuthApplicationsEdit", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + req := NewRequest(t, "GET", "/user/settings/applications/oauth2/2") resp := session.MakeRequest(t, req, http.StatusOK) doc := NewHTMLParser(t, resp.Body) t.Run("Invalid URL", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + req := NewRequestWithValues(t, "POST", "/user/settings/applications/oauth2/2", map[string]string{ "_csrf": doc.GetCSRF(), "application_name": "Test native app", @@ -319,6 +329,8 @@ func TestUserSettingsApplications(t *testing.T) { }) t.Run("OK", func(t *testing.T) { + defer tests.PrintCurrentTest(t)() + req := NewRequestWithValues(t, "POST", "/user/settings/applications/oauth2/2", map[string]string{ "_csrf": doc.GetCSRF(), "application_name": "Test native app", From 57958d2bf2be43f0581f106afd2e1f66c148b1a2 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Tue, 26 Nov 2024 10:24:32 -0600 Subject: [PATCH 7/9] fix wrong binding declaration --- services/forms/user_form.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/forms/user_form.go b/services/forms/user_form.go index 9e0069c482c6b..ed79936add68e 100644 --- a/services/forms/user_form.go +++ b/services/forms/user_form.go @@ -366,7 +366,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) { // EditOAuth2ApplicationForm form for editing oauth2 applications type EditOAuth2ApplicationForm struct { Name string `binding:"Required;MaxSize(255)" form:"application_name"` - RedirectURIs string `binding:"Required,ValidUrlList" form:"redirect_uris"` + RedirectURIs string `binding:"Required;ValidUrlList" form:"redirect_uris"` ConfidentialClient bool `form:"confidential_client"` SkipSecondaryAuthorization bool `form:"skip_secondary_authorization"` } From e536a9df5f5f5023245be89fd3e08037f61e40a5 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Tue, 26 Nov 2024 16:23:46 -0600 Subject: [PATCH 8/9] add unit tests and fix failing cases --- modules/util/truncate.go | 2 + modules/validation/binding.go | 6 +- modules/validation/binding_test.go | 1 + modules/validation/validurllist_test.go | 157 ++++++++++++++++++++++++ 4 files changed, 163 insertions(+), 3 deletions(-) create mode 100644 modules/validation/validurllist_test.go diff --git a/modules/util/truncate.go b/modules/util/truncate.go index 77b116eeff27f..f2edbdc67367b 100644 --- a/modules/util/truncate.go +++ b/modules/util/truncate.go @@ -41,6 +41,8 @@ func SplitStringAtByteN(input string, n int) (left, right string) { // SplitTrimSpace splits the string at given separator and trims leading and trailing space func SplitTrimSpace(input, sep string) []string { + // Trim initial leading & trailing space + input = strings.TrimSpace(input) // replace CRLF with LF input = strings.ReplaceAll(input, "\r\n", "\n") diff --git a/modules/validation/binding.go b/modules/validation/binding.go index 1a735c22b3934..b8852afb0787b 100644 --- a/modules/validation/binding.go +++ b/modules/validation/binding.go @@ -64,7 +64,7 @@ func addValidURLListBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.HasPrefix(rule, "ValidUrlList") + return strings.EqualFold(rule, "ValidUrlList") }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) @@ -78,7 +78,7 @@ func addValidURLListBindingRule() { for _, u := range urls { if !IsValidURL(u) { ok = false - errs.Add([]string{"RedirectURIs"}, binding.ERR_URL, u) + errs.Add([]string{name}, binding.ERR_URL, u) } } @@ -91,7 +91,7 @@ func addValidURLBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.HasPrefix(rule, "ValidUrl") + return strings.EqualFold(rule, "ValidUrl") }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) diff --git a/modules/validation/binding_test.go b/modules/validation/binding_test.go index 01ff4e34356a0..28d0f57b5c331 100644 --- a/modules/validation/binding_test.go +++ b/modules/validation/binding_test.go @@ -27,6 +27,7 @@ type ( TestForm struct { BranchName string `form:"BranchName" binding:"GitRefName"` URL string `form:"ValidUrl" binding:"ValidUrl"` + URLs string `form:"ValidUrls" binding:"ValidUrlList"` GlobPattern string `form:"GlobPattern" binding:"GlobPattern"` RegexPattern string `form:"RegexPattern" binding:"RegexPattern"` } diff --git a/modules/validation/validurllist_test.go b/modules/validation/validurllist_test.go new file mode 100644 index 0000000000000..c6f862a962b00 --- /dev/null +++ b/modules/validation/validurllist_test.go @@ -0,0 +1,157 @@ +// Copyright 2024 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package validation + +import ( + "testing" + + "gitea.com/go-chi/binding" +) + +// This is a copy of all the URL tests cases, plus additional ones to +// account for multiple URLs +var urlListValidationTestCases = []validationTestCase{ + { + description: "Empty URL", + data: TestForm{ + URLs: "", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "URL without port", + data: TestForm{ + URLs: "http://test.lan/", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "URL with port", + data: TestForm{ + URLs: "http://test.lan:3000/", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "URL with IPv6 address without port", + data: TestForm{ + URLs: "http://[::1]/", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "URL with IPv6 address with port", + data: TestForm{ + URLs: "http://[::1]:3000/", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "Invalid URL", + data: TestForm{ + URLs: "http//test.lan/", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "http//test.lan/", + }, + }, + }, + { + description: "Invalid schema", + data: TestForm{ + URLs: "ftp://test.lan/", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "ftp://test.lan/", + }, + }, + }, + { + description: "Invalid port", + data: TestForm{ + URLs: "http://test.lan:3x4/", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "http://test.lan:3x4/", + }, + }, + }, + { + description: "Invalid port with IPv6 address", + data: TestForm{ + URLs: "http://[::1]:3x4/", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "http://[::1]:3x4/", + }, + }, + }, + { + description: "Multi URLs", + data: TestForm{ + URLs: "http://test.lan:3000/\nhttp://test.local/", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "Multi URLs with newline", + data: TestForm{ + URLs: "http://test.lan:3000/\nhttp://test.local/\n", + }, + expectedErrors: binding.Errors{}, + }, + { + description: "List with invalid entry", + data: TestForm{ + URLs: "http://test.lan:3000/\nhttp://[::1]:3x4/", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "http://[::1]:3x4/", + }, + }, + }, + { + description: "List with two invalid entries", + data: TestForm{ + URLs: "ftp://test.lan:3000/\nhttp://[::1]:3x4/\n", + }, + expectedErrors: binding.Errors{ + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "ftp://test.lan:3000/", + }, + binding.Error{ + FieldNames: []string{"URLs"}, + Classification: binding.ERR_URL, + Message: "http://[::1]:3x4/", + }, + }, + }, +} + +func Test_ValidURLListValidation(t *testing.T) { + AddBindingRules() + + for _, testCase := range urlListValidationTestCases { + t.Run(testCase.description, func(t *testing.T) { + performValidationTest(t, testCase) + }) + } +} From 28615575ced8a2969abd3456d9a1dd5233d47e07 Mon Sep 17 00:00:00 2001 From: Rowan Bohde Date: Wed, 27 Nov 2024 10:26:34 -0600 Subject: [PATCH 9/9] standardize on using == for checking validation rules --- modules/validation/binding.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/validation/binding.go b/modules/validation/binding.go index b8852afb0787b..75190e31e185b 100644 --- a/modules/validation/binding.go +++ b/modules/validation/binding.go @@ -46,7 +46,7 @@ func addGitRefNameBindingRule() { // Git refname validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.HasPrefix(rule, "GitRefName") + return rule == "GitRefName" }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) @@ -64,7 +64,7 @@ func addValidURLListBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.EqualFold(rule, "ValidUrlList") + return rule == "ValidUrlList" }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) @@ -91,7 +91,7 @@ func addValidURLBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.EqualFold(rule, "ValidUrl") + return rule == "ValidUrl" }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) @@ -109,7 +109,7 @@ func addValidSiteURLBindingRule() { // URL validation rule binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.HasPrefix(rule, "ValidSiteUrl") + return rule == "ValidSiteUrl" }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { str := fmt.Sprintf("%v", val) @@ -200,7 +200,7 @@ func addUsernamePatternRule() { func addValidGroupTeamMapRule() { binding.AddRule(&binding.Rule{ IsMatch: func(rule string) bool { - return strings.HasPrefix(rule, "ValidGroupTeamMap") + return rule == "ValidGroupTeamMap" }, IsValid: func(errs binding.Errors, name string, val any) (bool, binding.Errors) { _, err := auth.UnmarshalGroupTeamMapping(fmt.Sprintf("%v", val))