mirrors/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2026-02-04 13:21:45 +00:00
Code Activity

fix: localhost callback URLs with port don't match correctly

Browse Source
This commit is contained in:
Elias Schneider
2026-01-03 15:07:56 +01:00
parent ba00f40bd4
commit 7c34501055
2 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
backend/internal/utils/callback_url_util.go
View File

@@ -17,32 +17,39 @@ func GetCallbackURLFromList(urls []string, inputCallbackURL string) (callbackURL
// time of the request for loopback IP redirect URIs, to accommodate // time of the request for loopback IP redirect URIs, to accommodate
// clients that obtain an available ephemeral port from the operating // clients that obtain an available ephemeral port from the operating
// system at the time of the request. // system at the time of the request.
loopbackRedirect := "" loopbackCallbackURLWithoutPort := ""
u, _ := url.Parse(inputCallbackURL) u, _ := url.Parse(inputCallbackURL)
if u != nil && u.Scheme == "http" { if u != nil && u.Scheme == "http" {
host := u.Hostname() host := u.Hostname()
ip := net.ParseIP(host) ip := net.ParseIP(host)
if host == "localhost" || (ip != nil && ip.IsLoopback()) { if host == "localhost" || (ip != nil && ip.IsLoopback()) {
loopbackRedirect = u.String()
u.Host = host u.Host = host
inputCallbackURL = u.String() loopbackCallbackURLWithoutPort = u.String()
} }
} }
for _, pattern := range urls { for _, pattern := range urls {
// Try the original callback first
matches, err := matchCallbackURL(pattern, inputCallbackURL) matches, err := matchCallbackURL(pattern, inputCallbackURL)
if err != nil { if err != nil {
return "", err return "", err
} else if !matches { }
continue if matches {
return inputCallbackURL, nil
} }
if loopbackRedirect != "" { // If we have a loopback variant, try that too
return loopbackRedirect, nil if loopbackCallbackURLWithoutPort != "" {
matches, err = matchCallbackURL(pattern, loopbackCallbackURLWithoutPort)
if err != nil {
return "", err
} }
if matches {
return inputCallbackURL, nil return inputCallbackURL, nil
} }
}
}
return "", nil return "", nil
} }

7
backend/internal/utils/callback_url_util_test.go
View File

@@ -392,6 +392,13 @@ func TestGetCallbackURLFromList_LoopbackSpecialHandling(t *testing.T) {
expectedURL: "http://127.0.0.1:8080/callback", expectedURL: "http://127.0.0.1:8080/callback",
expectMatch: true, expectMatch: true,
}, },
{
name: "127.0.0.1 with same port - exact match",
urls: []string{"http://127.0.0.1:8080/callback"},
inputCallbackURL: "http://127.0.0.1:8080/callback",
expectedURL: "http://127.0.0.1:8080/callback",
expectMatch: true,
},
{ {
name: "127.0.0.1 with different port", name: "127.0.0.1 with different port",
urls: []string{"http://127.0.0.1/callback"}, urls: []string{"http://127.0.0.1/callback"},