diff --git a/auth.php b/auth.php
index b30d926..e28c7fe 100644
--- a/auth.php
+++ b/auth.php
@@ -193,9 +193,37 @@ class auth_plugin_userkey extends auth_plugin_base {
 $err['keylifetime'] = get_string('incorrectkeylifetime', 'auth_userkey');
 }
- if (!empty($form->redirecturl) && filter_var($form->redirecturl, FILTER_VALIDATE_URL) === false) {
+ if (!$this->is_valid_url($form->redirecturl)) {
 $err['redirecturl'] = get_string('incorrectredirecturl', 'auth_userkey');
 }
+
+ if (!$this->is_valid_url($form->ssourl)) {
+ $err['ssourl'] = get_string('incorrectssourl', 'auth_userkey');
+ }
+
+ }
+
+ /**
+ * Check if provided url is correct.
+ *
+ * @param string $url URL to check.
+ *
+ * @return bool
+ */
+ protected function is_valid_url($url) {
+ if (empty($url)) {
+ return true;
+ }
+
+ if (filter_var($url, FILTER_VALIDATE_URL) === false) {
+ return false;
+ }
+
+ if (!preg_match("/^(http|https):/", $url)) {
+ return false;
+ }
+
+ return true;
 }
 /**
diff --git a/lang/en/auth_userkey.php b/lang/en/auth_userkey.php
index 085956e..b7ab024 100644
--- a/lang/en/auth_userkey.php
+++ b/lang/en/auth_userkey.php
@@ -37,6 +37,7 @@ $string['createuser_desc'] = 'If enabled, a new user will be created if fail to
 $string['redirecturl'] = 'Logout redirect URL';
 $string['redirecturl_desc'] = 'Optionally you can redirect users to this URL after they logged out from LMS.';
 $string['incorrectredirecturl'] = 'You should provide valid URL';
+$string['incorrectssourl'] = 'You should provide valid URL';
 $string['userkey:generatekey'] = 'Generate login user key';
 $string['pluginisdisabled'] = 'The userkey authentication plugin is disabled.';
 $string['ssourl'] = 'URL of SSO host';
diff --git a/tests/auth_plugin_test.php b/tests/auth_plugin_test.php
index c76d2c5..0c1a9c6 100644
--- a/tests/auth_plugin_test.php
+++ b/tests/auth_plugin_test.php
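Review bot: The scheme allowlist in `is_valid_url()` is matched case-sensitively, so `preg_match("/^(http|https):/", $url)` rejects a URL such as `HTTPS://example.com` even though URL schemes are case-insensitive and `filter_var()` should accept it; comparing the parsed scheme is clearer, e.g. `in_array(strtolower((string) parse_url($url, PHP_URL_SCHEME)), array('http', 'https'), true)`. Separately, the rewritten checks in `validate_form()` read `$form->redirecturl` and `$form->ssourl` directly, where the removed line guarded with `!empty(...)`, so a form object lacking either property now raises an undefined-property notice; passing `isset($form->ssourl) ? $form->ssourl : ''` (and the same for `redirecturl`) keeps the old tolerance. The docblock should also state that an empty value is treated as valid and that only http and https are accepted, since this allowlist is what keeps schemes like `php://` out of the redirect and SSO settings. `validate_form()` begins above this hunk, so only its tail is visible here.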
@@ -403,6 +403,7 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
 $form = new stdClass();
 $form->redirecturl = '';
+ $form->ssourl = '';
 $form->keylifetime = '';
 $err = array();
@@ -436,52 +437,82 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
 }
 /**
- * Test that we can validate redirecturl for config form correctly.
+ * Data provider for testing URL validation functions.
+ *
+ * @return array First element URL, the second URL is error message. Empty error massage means no errors.
 */
- public function test_validate_redirecturl_for_config_form() {
+ public function url_data_provider() {
+ return array(
+ array('', ''),
+ array('http://google.com/', ''),
+ array('https://google.com', ''),
+ array('http://some.very.long.and.silly.domain/with/a/path/', ''),
+ array('http://0.255.1.1/numericip.php', ''),
+ array('http://0.255.1.1/numericip.php?test=1&id=2', ''),
+ array('/just/a/path', 'You should provide valid URL'),
+ array('random string', 'You should provide valid URL'),
+ array(123456, 'You should provide valid URL'),
+ array('php://google.com', 'You should provide valid URL'),
+ );
+ }
+
+ /**
+ * Test that we can validate redirecturl for config form correctly.
+ *
+ * @dataProvider url_data_provider
+ */
+
+ /**
+ * Test that we can validate redirecturl for config form correctly.
+ *
+ * @dataProvider url_data_provider
+ *
+ * @param string $url URL to test.
+ * @param string $errortext Expected error text.
+ */
+ public function test_validate_redirecturl_for_config_form($url, $errortext) {
 $form = new stdClass();
 $form->keylifetime = 10;
+ $form->ssourl = '';
+ $form->redirecturl = $url;
+ $err = array();
+ $this->auth->validate_form($form, $err);
+
+ if (empty($errortext)) {
+ $this->assertFalse(array_key_exists('redirecturl', $err));
+ } else {
+ $this->assertArrayHasKey('redirecturl', $err);
+ $this->assertEquals($errortext, $err['redirecturl']);
+ }
+ }
+
+ /**
+ * Test that we can validate ssourl for config form correctly.
+ *
+ * @dataProvider url_data_provider
+ *
+ * @param string $url URL to test.
+ * @param string $errortext Expected error text.
+ */
+ public function test_validate_ssourl_for_config_form($url, $errortext) {
+ $form = new stdClass();
+
+ $form->keylifetime = 10;
 $form->redirecturl = '';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertFalse(array_key_exists('redirecturl', $err));
+ $form->ssourl = '';
- $form->redirecturl = 'http://google.com/';
+ $form->ssourl = $url;
 $err = array();
 $this->auth->validate_form($form, $err);
- $this->assertFalse(array_key_exists('redirecturl', $err));
- $form->redirecturl = 'https://google.com';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertFalse(array_key_exists('redirecturl', $err));
-
- $form->redirecturl = 'http://some.very.long.and.silly.domain/with/a/path/';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertFalse(array_key_exists('redirecturl', $err));
-
- $form->redirecturl = 'http://0.255.1.1/numericip.php';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertFalse(array_key_exists('redirecturl', $err));
-
- $form->redirecturl = '/just/a/path';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertEquals('You should provide valid URL', $err['redirecturl']);
-
- $form->redirecturl = 'random string';
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertEquals('You should provide valid URL', $err['redirecturl']);
-
- $form->redirecturl = 123456;
- $err = array();
- $this->auth->validate_form($form, $err);
- $this->assertEquals('You should provide valid URL', $err['redirecturl']);
+ if (empty($errortext)) {
+ $this->assertFalse(array_key_exists('ssourl', $err));
+ } else {
+ $this->assertArrayHasKey('ssourl', $err);
+ $this->assertEquals($errortext, $err['ssourl']);
+ }
 }
 /**
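Review bot: The docblock added just before `test_validate_redirecturl_for_config_form()` appears twice: the first copy, which ends right after `@dataProvider url_data_provider`, is followed by a blank line and a second docblock, so it is attached to nothing and should be deleted. In `url_data_provider()` the `@return` text has a typo and a slip; suggested wording: `@return array First element is the URL, the second is the expected error message. An empty error message means no error.` The provider has only one non-http scheme row (`php://google.com`); adding rows such as `array('ftp://google.com', 'You should provide valid URL')` and an upper-case `HTTP://google.com` case would pin the allowlist behaviour that `is_valid_url()` is meant to enforce. `assertArrayNotHasKey('redirecturl', $err)` reads better than `assertFalse(array_key_exists(...))` and matches the `assertArrayHasKey` already used in the else branch; the same applies to the `ssourl` test.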