Merge pull request #463 from sebadob/add-missing-origen-chars-to-regexes

update origen regexes with all valid characters
sebadob · Jun 10, 2024 · 8d4e455 · 8d4e455
2 parents d993d42 + e3ac037
commit 8d4e455
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/frontend/src/utils/constants.js b/frontend/src/utils/constants.js
@@ -26,7 +26,7 @@ export const REGEX_CLIENT_NAME = /^[a-zA-Z0-9À-ÿ\-\s]{0,128}$/m;
 export const REGEX_CONTACT = /^[a-zA-Z0-9+.@/:]{0,48}$/gm;
 export const REGEX_LOWERCASE_SPACE = /^[a-z0-9-_\/\s]{2,128}$/gm;
 export const REGEX_PROVIDER_SCOPE = /^[a-z0-9-_\/:\s]{0,128}$/gm;
-export const REGEX_ORIGIN = /^(http|https):\/\/[a-zA-Z0-9.:]+$/m;
+export const REGEX_ORIGIN = /^(http|https):\/\/[a-z0-9.:-]+$/m;
 export const REGEX_PEM = /^(-----BEGIN CERTIFICATE-----)[a-zA-Z0-9+/=\n]+(-----END CERTIFICATE-----)$/gm;
 export const REGEX_ROLES = /^[a-z0-9\-_/:*]{2,64}$/gm;
 export const REGEX_URI = /^[a-zA-Z0-9,.:/_\-&?=~#!$'()*+%]*$/gm;

diff --git a/rauthy-common/src/constants.rs b/rauthy-common/src/constants.rs
@@ -126,7 +126,7 @@ lazy_static! {
     pub static ref RE_LOWERCASE: Regex = Regex::new(r"^[a-z0-9-_/]{2,128}$").unwrap();
     pub static ref RE_LOWERCASE_SPACE: Regex = Regex::new(r"^[a-z0-9-_/\s]{2,128}$").unwrap();
     pub static ref RE_MFA_CODE: Regex = Regex::new(r"^[a-zA-Z0-9]{48}$").unwrap();
-    pub static ref RE_ORIGIN: Regex = Regex::new(r"^(http|https)://[a-zA-Z0-9.:]+$").unwrap();
+    pub static ref RE_ORIGIN: Regex = Regex::new(r"^(http|https)://[a-z0-9.:-]+$").unwrap();
     pub static ref RE_PEM: Regex = Regex::new(r"^(-----BEGIN CERTIFICATE-----)[a-zA-Z0-9+/=\n]+(-----END CERTIFICATE-----)$").unwrap();
     pub static ref RE_PHONE: Regex = Regex::new(r"^\+[0-9]{0,32}$").unwrap();
     // we have a pretty high upper limit for characters here just to be sure that even if

diff --git a/rauthy-models/src/request.rs b/rauthy-models/src/request.rs
@@ -874,8 +874,11 @@ pub struct TokenValidationRequest {
 
 #[derive(Debug, Serialize, Deserialize, Validate, ToSchema)]
 pub struct UpdateClientRequest {
-    //github.com/ Validation: `^[a-z0-9-_/]{2,128}$`
-    #[validate(regex(path = "RE_LOWERCASE", code = "^[a-z0-9-_/]{2,128}$"))]
+    //github.com/ Validation: `^[a-zA-Z0-9,.:/_\-&?=~#!$'()*+%]{2,256}$`
+    #[validate(regex(
+        path = "RE_CLIENT_ID_EPHEMERAL",
+        code = "^[a-zA-Z0-9,.:/_\\-&?=~#!$'()*+%]{2,256}$"
+    ))]
     pub id: String,
     //github.com/ Validation: `[a-zA-Z0-9À-ÿ-\\s]{2,128}`
     #[validate(regex(path = "RE_CLIENT_NAME", code = "[a-zA-Z0-9À-ÿ-\\s]{2,128}"))]
@@ -887,7 +890,7 @@ pub struct UpdateClientRequest {
     //github.com/ Validation: `Vec<^[a-zA-Z0-9,.:/_\\-&?=~#!$'()*+%]+$>`
     #[validate(custom(function = "validate_vec_uri"))]
     pub post_logout_redirect_uris: Option<Vec<String>>,
-    //github.com/ Validation: `Vec<^(http|https)://[a-zA-Z0-9.:]+$>`
+    //github.com/ Validation: `Vec<^(http|https)://[a-z0-9.:-]+$>`
     #[validate(custom(function = "validate_vec_origen"))]
     pub allowed_origens: Option<Vec<String>>,
     pub enabled: bool,
@@ -1140,7 +1143,7 @@ fn validate_vec_origen(value: &[String]) -> Result<(), ValidationError> {
     let mut err = None;
     value.iter().for_each(|v| {
         if !RE_ORIGIN.is_match(v) {
-            err = Some("^(http|https)://[a-zA-Z0-9.:]+$");
+            err = Some("^(http|https)://[a-z0-9.:-]+$");
         }
     });
     if let Some(e) = err {