Ingore regex pattern matching for inbound OAuth apps

wso2 · Nov 14, 2024 · 6d26ecf · 6d26ecf
1 parent d2b06cb
commit 6d26ecf
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 25 deletions.
diff --git a/features/admin.applications.v1/components/forms/inbound-oidc-form.tsx b/features/admin.applications.v1/components/forms/inbound-oidc-form.tsx
@@ -1962,7 +1962,7 @@ export const InboundOIDCForm: FunctionComponent<InboundOIDCFormPropsInterface> =
                                             return false;
                                         }
                                         if (URLUtils.isURLValid(value)) {
-                                            if (URLUtils.isHttpUrl(value) || URLUtils.isHttpsUrl(value)) {
+                                            if (URLUtils.isHttpUrl(value, false) || URLUtils.isHttpsUrl(value, false)) {
                                                 setCallbackURLsErrorLabel(null);
 
                                                 return true;

diff --git a/features/admin.applications.v1/components/wizard/oauth-protocol-settings-wizard-form.tsx b/features/admin.applications.v1/components/wizard/oauth-protocol-settings-wizard-form.tsx
@@ -543,14 +543,8 @@ export const OauthProtocolSettingsWizardForm: FunctionComponent<OAuthProtocolSet
                                             }
 
                                             if (URLUtils.isURLValid(value)) {
-                                                if (FormValidation.url(value, {
-                                                    domain: {
-                                                        allowUnicode: true,
-                                                        minDomainSegments: 1,
-                                                        tlds: false
-                                                    },
-                                                    scheme: [ "http", "https" ]
-                                                })) {
+                                                if (URLUtils.isHttpUrl(value, false) ||
+                                                URLUtils.isHttpsUrl(value, false)) {
                                                     setCallbackURLsErrorLabel(null);
 
                                                     return true;

diff --git a/modules/core/src/utils/url-utils.ts b/modules/core/src/utils/url-utils.ts
@@ -34,33 +34,35 @@ export class URLUtils {
     private constructor() { }
 
     /**
-     * Checks if the passed in url is a valid Http URL.
+     * Checks if the passed-in URL is a valid HTTP URL.
+     * If `forceRegexValidation` is false, it only checks if the URL starts with "http://".
      *
      * @param url - URL to evaluate.
-     *
-     * @returns True if the url is a http url.
+     * @param forceRegexValidation - Flag to use regex pattern validation (default: true).
+     * @returns True if the URL is a valid HTTP URL.
      */
-    public static isHttpUrl(url: string): boolean {
-        if (url.startsWith("http://")) {
-            return !!url.trim().match(PatternConstants.HTTP_URL_REGEX_PATTERN);
+    public static isHttpUrl(url: string, forceRegexValidation: boolean = true): boolean {
+        if (!forceRegexValidation) {
+            return url.trim().startsWith("http://");
         }
 
-        return false;
+        return !!url.trim().match(PatternConstants.HTTP_URL_REGEX_PATTERN);
     }
 
     /**
-     * Checks if the passed in url is a valid Https URL.
+     * Checks if the passed-in URL is a valid HTTPS URL.
+     * If `forceRegexValidation` is false, it only checks if the URL starts with "https://".
      *
      * @param url - URL to evaluate.
-     *
-     * @returns True if the url is a https url.
+     * @param forceRegexValidation - Flag to use regex pattern validation (default: true).
+     * @returns True if the URL is a valid HTTPS URL.
      */
-    public static isHttpsUrl(url: string): boolean {
-        if (url.startsWith("https://")) {
-            return !!url.trim().match(PatternConstants.HTTPS_URL_REGEX_PATTERN);
+    public static isHttpsUrl(url: string, forceRegexValidation: boolean = true): boolean {
+        if (!forceRegexValidation) {
+            return url.trim().startsWith("https://");
         }
 
-        return false;
+        return !!url.trim().match(PatternConstants.HTTPS_URL_REGEX_PATTERN);
     }
 
     /**

diff --git a/modules/react-components/src/components/input/url-input.tsx b/modules/react-components/src/components/input/url-input.tsx
@@ -513,8 +513,8 @@ export const URLInput: FunctionComponent<URLInputPropsInterface> = (
     const resolveCORSStatusLabel = (url: string) => {
         const { origin, href } = URLUtils.urlComponents(url);
         const positive: boolean = isOriginIsKnownAndAllowed(url);
-        const isValid: boolean = (URLUtils.isURLValid(url, true) && (URLUtils.isHttpUrl(url) ||
-            URLUtils.isHttpsUrl(url)));
+        const isValid: boolean = (URLUtils.isURLValid(url, true) && (URLUtils.isHttpUrl(url, false) ||
+            URLUtils.isHttpsUrl(url, false)));
 
         /**
          * TODO : React Components should not depend on the product