3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 09:56:31 +02:00
Code Issues Projects Releases Packages Wiki Activity

change Policy.Matches to accept a URL pointer (#5360)

Browse source
This commit is contained in:
Joe Kralicky 2024-11-07 14:55:44 -05:00 committed by GitHub
parent 9cd5fe4e25
commit 177f789e63
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 9 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config/from_test.go
View file

@ -25,7 +25,7 @@ func TestFromURLMatchesRequestURL(t *testing.T) {
} {
fromURL := urlutil.MustParseAndValidateURL(tc.pattern)
requestURL := urlutil.MustParseAndValidateURL(tc.input)
assert.Equal(t, tc.matches, FromURLMatchesRequestURL(&fromURL, &requestURL, true),
assert.Equal(t, tc.matches, FromURLMatchesRequestURL(fromURL, requestURL, true),
"from-url: %s\nrequest-url: %s", tc.pattern, tc.input)
}
}

2
config/identity.go
View file

@ -63,7 +63,7 @@ func (o *Options) GetIdentityProviderForRequestURL(requestURL string) (*identity
}
for p := range o.GetAllPolicies() {
if p.Matches(*u, o.IsRuntimeFlagSet(RuntimeFlagMatchAnyIncomingPort)) {
if p.Matches(u, o.IsRuntimeFlagSet(RuntimeFlagMatchAnyIncomingPort)) {
return o.GetIdentityProviderForPolicy(p)
}
}

4
config/policy.go
View file

@ -735,14 +735,14 @@ func (p *Policy) String() string {
}
// Matches returns true if the policy would match the given URL.
func (p *Policy) Matches(requestURL url.URL, stripPort bool) bool {
func (p *Policy) Matches(requestURL *url.URL, stripPort bool) bool {
// an invalid from URL should not match anything
fromURL, err := urlutil.ParseAndValidateURL(p.From)
if err != nil {
return false
}
if !FromURLMatchesRequestURL(fromURL, &requestURL, stripPort) {
if !FromURLMatchesRequestURL(fromURL, requestURL, stripPort) {
return false
}

4
internal/urlutil/known_test.go
View file

@ -83,7 +83,7 @@ func TestSignInURL(t *testing.T) {
authenticateURL := MustParseAndValidateURL("https://authenticate.example.com")
redirectURL := MustParseAndValidateURL("https://redirect.example.com")
rawSignInURL, err := SignInURL(k1, k2.PublicKey(), &authenticateURL, &redirectURL, "IDP-1")
rawSignInURL, err := SignInURL(k1, k2.PublicKey(), authenticateURL, redirectURL, "IDP-1")
require.NoError(t, err)
signInURL, err := ParseAndValidateURL(rawSignInURL)
@ -107,7 +107,7 @@ func TestSignOutURL(t *testing.T) {
}).Encode(), nil)
authenticateURL := MustParseAndValidateURL("https://authenticate.example.com")
rawSignOutURL := SignOutURL(r, &authenticateURL, []byte("TEST"))
rawSignOutURL := SignOutURL(r, authenticateURL, []byte("TEST"))
signOutURL, err := ParseAndValidateURL(rawSignOutURL)
require.NoError(t, err)

6
internal/urlutil/url.go
View file

@ -54,12 +54,12 @@ func ParseAndValidateURL(rawurl string) (*url.URL, error) {
// MustParseAndValidateURL parses the URL via ParseAndValidateURL but panics if there is an error.
// (useful for testing)
func MustParseAndValidateURL(rawURL string) url.URL {
func MustParseAndValidateURL(rawURL string) *url.URL {
u, err := ParseAndValidateURL(rawURL)
if err != nil {
panic(err)
}
return *u
return u
}
// ValidateURL wraps standard library's default url.Parse because
@ -187,6 +187,6 @@ func GetExternalRequest(internalURL, externalURL *url.URL, r *http.Request) *htt
}
// MatchesServerName returnes true if the url's host matches the given server name.
func MatchesServerName(u url.URL, serverName string) bool {
func MatchesServerName(u *url.URL, serverName string) bool {
return certmagic.MatchWildcard(u.Hostname(), serverName)
}