Add ssourl validation
This commit is contained in:
parent
68f7634066
commit
b7cd70f1ea
3 changed files with 97 additions and 37 deletions
30
auth.php
30
auth.php
|
@ -193,9 +193,37 @@ class auth_plugin_userkey extends auth_plugin_base {
|
|||
$err['keylifetime'] = get_string('incorrectkeylifetime', 'auth_userkey');
|
||||
}
|
||||
|
||||
if (!empty($form->redirecturl) && filter_var($form->redirecturl, FILTER_VALIDATE_URL) === false) {
|
||||
if (!$this->is_valid_url($form->redirecturl)) {
|
||||
$err['redirecturl'] = get_string('incorrectredirecturl', 'auth_userkey');
|
||||
}
|
||||
|
||||
if (!$this->is_valid_url($form->ssourl)) {
|
||||
$err['ssourl'] = get_string('incorrectssourl', 'auth_userkey');
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if provided url is correct.
|
||||
*
|
||||
* @param string $url URL to check.
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function is_valid_url($url) {
|
||||
if (empty($url)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (filter_var($url, FILTER_VALIDATE_URL) === false) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!preg_match("/^(http|https):/", $url)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -37,6 +37,7 @@ $string['createuser_desc'] = 'If enabled, a new user will be created if fail to
|
|||
$string['redirecturl'] = 'Logout redirect URL';
|
||||
$string['redirecturl_desc'] = 'Optionally you can redirect users to this URL after they logged out from LMS.';
|
||||
$string['incorrectredirecturl'] = 'You should provide valid URL';
|
||||
$string['incorrectssourl'] = 'You should provide valid URL';
|
||||
$string['userkey:generatekey'] = 'Generate login user key';
|
||||
$string['pluginisdisabled'] = 'The userkey authentication plugin is disabled.';
|
||||
$string['ssourl'] = 'URL of SSO host';
|
||||
|
|
|
@ -403,6 +403,7 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
|
|||
$form = new stdClass();
|
||||
|
||||
$form->redirecturl = '';
|
||||
$form->ssourl = '';
|
||||
|
||||
$form->keylifetime = '';
|
||||
$err = array();
|
||||
|
@ -436,52 +437,82 @@ class auth_plugin_userkey_testcase extends advanced_testcase {
|
|||
}
|
||||
|
||||
/**
|
||||
* Test that we can validate redirecturl for config form correctly.
|
||||
* Data provider for testing URL validation functions.
|
||||
*
|
||||
* @return array First element URL, the second URL is error message. Empty error massage means no errors.
|
||||
*/
|
||||
public function test_validate_redirecturl_for_config_form() {
|
||||
public function url_data_provider() {
|
||||
return array(
|
||||
array('', ''),
|
||||
array('http://google.com/', ''),
|
||||
array('https://google.com', ''),
|
||||
array('http://some.very.long.and.silly.domain/with/a/path/', ''),
|
||||
array('http://0.255.1.1/numericip.php', ''),
|
||||
array('http://0.255.1.1/numericip.php?test=1&id=2', ''),
|
||||
array('/just/a/path', 'You should provide valid URL'),
|
||||
array('random string', 'You should provide valid URL'),
|
||||
array(123456, 'You should provide valid URL'),
|
||||
array('php://google.com', 'You should provide valid URL'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that we can validate redirecturl for config form correctly.
|
||||
*
|
||||
* @dataProvider url_data_provider
|
||||
*/
|
||||
|
||||
/**
|
||||
* Test that we can validate redirecturl for config form correctly.
|
||||
*
|
||||
* @dataProvider url_data_provider
|
||||
*
|
||||
* @param string $url URL to test.
|
||||
* @param string $errortext Expected error text.
|
||||
*/
|
||||
public function test_validate_redirecturl_for_config_form($url, $errortext) {
|
||||
$form = new stdClass();
|
||||
|
||||
$form->keylifetime = 10;
|
||||
$form->ssourl = '';
|
||||
|
||||
$form->redirecturl = $url;
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
|
||||
if (empty($errortext)) {
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
} else {
|
||||
$this->assertArrayHasKey('redirecturl', $err);
|
||||
$this->assertEquals($errortext, $err['redirecturl']);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that we can validate ssourl for config form correctly.
|
||||
*
|
||||
* @dataProvider url_data_provider
|
||||
*
|
||||
* @param string $url URL to test.
|
||||
* @param string $errortext Expected error text.
|
||||
*/
|
||||
public function test_validate_ssourl_for_config_form($url, $errortext) {
|
||||
$form = new stdClass();
|
||||
|
||||
$form->keylifetime = 10;
|
||||
$form->redirecturl = '';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
$form->ssourl = '';
|
||||
|
||||
$form->redirecturl = 'http://google.com/';
|
||||
$form->ssourl = $url;
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
|
||||
$form->redirecturl = 'https://google.com';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
|
||||
$form->redirecturl = 'http://some.very.long.and.silly.domain/with/a/path/';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
|
||||
$form->redirecturl = 'http://0.255.1.1/numericip.php';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertFalse(array_key_exists('redirecturl', $err));
|
||||
|
||||
$form->redirecturl = '/just/a/path';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertEquals('You should provide valid URL', $err['redirecturl']);
|
||||
|
||||
$form->redirecturl = 'random string';
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertEquals('You should provide valid URL', $err['redirecturl']);
|
||||
|
||||
$form->redirecturl = 123456;
|
||||
$err = array();
|
||||
$this->auth->validate_form($form, $err);
|
||||
$this->assertEquals('You should provide valid URL', $err['redirecturl']);
|
||||
if (empty($errortext)) {
|
||||
$this->assertFalse(array_key_exists('ssourl', $err));
|
||||
} else {
|
||||
$this->assertArrayHasKey('ssourl', $err);
|
||||
$this->assertEquals($errortext, $err['ssourl']);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue