From 2badac082accb0582d15174ad128636ef82dd991 Mon Sep 17 00:00:00 2001
From: Simen Rekkedal <61084786+simen-rekkedal@users.noreply.github.com>
Date: Fri, 29 Nov 2024 09:53:39 +0100
Subject: [PATCH] Bugfix validate https redirect url (#915)
* verify result in the response
* use string startswith instead of regexp to validate redirecturl
* built in method
* rewrite
* fix
* removed unused regexp
---
src/Authentication/Helpers/AuthenticationHelper.cs | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/Authentication/Helpers/AuthenticationHelper.cs b/src/Authentication/Helpers/AuthenticationHelper.cs
index 7bb8ff6b..2fa7d184 100644
--- a/src/Authentication/Helpers/AuthenticationHelper.cs
+++ b/src/Authentication/Helpers/AuthenticationHelper.cs
@@ -3,6 +3,7 @@
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
+using System.Security.Policy;
using System.Text.RegularExpressions;
using Altinn.Platform.Authentication.Core.Constants;
using Altinn.Platform.Authentication.Core.Models;
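Review bot: The added `using System.Security.Policy;` is not needed by the new code, which only uses `System.Uri`; it looks like an IDE auto-import (that namespace contains a `Url` type) and should be dropped. Conversely, with the regex removed from `IsValidRedirectUrl` the existing `using System.Text.RegularExpressions;` may now be unused as well — worth checking the rest of the file, which is outside this hunk, and removing it if nothing else references `Regex`.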
@@ -306,19 +307,21 @@ public static bool DoesSystemIdStartWithOrgnumber(RegisteredSystem newSystem)
/// the redirect url for a system
/// true if the url matches the expression
public static bool IsValidRedirectUrl(List redirectUrls)
- {
- string pattern = @"^http(s)?://([\w-]+.)+[\w-]+(/[\w- ./?%&=])?$";
- Regex expression = new Regex(pattern, RegexOptions.Compiled, TimeSpan.FromSeconds(1));
-
+ {
foreach (Uri redirectUri in redirectUrls)
{
- if (!redirectUri.IsWellFormedOriginalString() || !expression.IsMatch(redirectUri.OriginalString))
+ if (!IsValidAbsoluteUriWithHttps(redirectUri))
{
return false;
}
}
return true;
+
+ static bool IsValidAbsoluteUriWithHttps(Uri uri)
+ {
+ return uri.IsAbsoluteUri && uri.Scheme == Uri.UriSchemeHttps;
+ }
}
///
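Review bot: The new `IsValidAbsoluteUriWithHttps` accepts any absolute https URI, including ones with a fragment or embedded credentials, which the old `IsWellFormedOriginalString` + regex check did not let through; RFC 6749 §3.1.2 requires a registered redirection URI to have no fragment, so tighten it to `return uri.IsAbsoluteUri && uri.Scheme == Uri.UriSchemeHttps && string.IsNullOrEmpty(uri.Fragment) && string.IsNullOrEmpty(uri.UserInfo);` (the `IsAbsoluteUri` check must stay first, since `Scheme`, `Fragment` and `UserInfo` throw on a relative `Uri`). A null element in `redirectUrls` will throw a `NullReferenceException` from `uri.IsAbsoluteUri` rather than fail validation; consider `if (redirectUri is null || !IsValidAbsoluteUriWithHttps(redirectUri))`. The summary on the line above the method is now stale — "true if the url matches the expression" should read `/// true if every url is an absolute https URI, otherwise false`. Note the method still returns true for an empty list; if at least one redirect URL is required, that check belongs here too.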