🐛 Add proper validation of registration domain whitelist on oidc

Fixes #3348
Andrey Antukh 2023-06-26 18:10:43 +02:00
parent f60d09eb8f
commit f166fe1926
5 changed files with 60 additions and 38 deletions


@ -10,7 +10,7 @@
[app.config :as cf]
[app.db :as db]
[app.rpc :as-alias rpc]
[app.rpc.commands.auth :as cauth]
[app.auth :as auth]
[app.tokens :as tokens]
[app.util.time :as dt]
[backend-tests.helpers :as th]
@ -226,11 +226,11 @@
(t/deftest registration-domain-whitelist
(let [whitelist #{"gmail.com" "hey.com" "ya.ru"}]
(t/testing "allowed email domain"
(t/is (true? (cauth/email-domain-in-whitelist? whitelist "username@ya.ru")))
(t/is (true? (cauth/email-domain-in-whitelist? #{} "username@somedomain.com"))))
(t/is (true? (auth/email-domain-in-whitelist? whitelist "username@ya.ru")))
(t/is (true? (auth/email-domain-in-whitelist? #{} "username@somedomain.com"))))
(t/testing "not allowed email domain"
(t/is (false? (cauth/email-domain-in-whitelist? whitelist "username@somedomain.com"))))))
(t/is (false? (auth/email-domain-in-whitelist? whitelist "username@somedomain.com"))))))
(t/deftest prepare-register-and-register-profile-1
(let [data {::th/type :prepare-register-profile