prosody-modules
5f8a306c8306
mod_http_oauth2/mod_http_oauth2.lua
Software / code / prosody-modules
Comparison
mod_http_oauth2/mod_http_oauth2.lua @ 5986:5f8a306c8306
mod_http_oauth2: Require a stringprepped host part of URLs
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 31 Aug 2024 13:30:55 +0200 |
| parent | 5985:e8bf46a7bb27 |
| child | 5988:538f468f9a65 |
comparison
equal
deleted
inserted
replaced
| 5985:e8bf46a7bb27 | 5986:5f8a306c8306 |
|---|---|
| 35 if url_parts.port then | 35 if url_parts.port then |
| 36 local port = tonumber(url_parts.port); | 36 local port = tonumber(url_parts.port); |
| 37 if not port then return false; end | 37 if not port then return false; end |
| 38 if not (port > 0 and port <= 0xffff) then return false; end | 38 if not (port > 0 and port <= 0xffff) then return false; end |
| 39 if port ~= math.floor(port) then return false; end | 39 if port ~= math.floor(port) then return false; end |
| 40 end | |
| 41 if url_parts.host then | |
| 42 if encodings.stringprep.nameprep(url_parts.host) ~= url_parts.host then | |
| 43 return false; | |
| 44 end | |
| 45 if not encodings.idna.to_ascii(url_parts) then | |
| 46 return false; | |
| 47 end | |
| 40 end | 48 end |
| 41 return url_parts; | 49 return url_parts; |
| 42 end | 50 end |
| 43 | 51 |
| 44 local function strict_formdecode(query) | 52 local function strict_formdecode(query) |
| 1408 }; | 1416 }; |
| 1409 }); | 1417 }); |
| 1410 end | 1418 end |
| 1411 | 1419 |
| 1412 local client_uri = strict_url_parse(client_metadata.client_uri); | 1420 local client_uri = strict_url_parse(client_metadata.client_uri); |
| 1413 if not client_uri or client_uri.scheme ~= "https" or loopbacks:contains(client_uri.host) then | 1421 if not client_uri or client_uri.scheme ~= "https" or not client_uri.host or loopbacks:contains(client_uri.host) then |
| 1414 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); | 1422 return nil, oauth_error("invalid_client_metadata", "Missing, invalid or insecure client_uri"); |
| 1415 end | 1423 end |
| 1416 | 1424 |
| 1417 if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then | 1425 if not client_metadata.application_type and redirect_uri_allowed(client_metadata.redirect_uris[1], client_uri, "native") then |
| 1418 client_metadata.application_type = "native"; | 1426 client_metadata.application_type = "native"; |
