add owncloud#359

lib/Utilities.php

@@ -47,7 +47,7 @@ public static function generateRandom(): string {
 	 *
 	 * @return boolean True if the redirection URI is valid, false otherwise.
 	 */
-	public static function validateRedirectUri($expected, $actual, $allowSubdomains) {
+	public static function validateRedirectUri($expected, $actual, $allowSubdomains): bool {
 		$validatePort = true;
 		if (\strpos($expected, 'http://localhost:*') === 0) {
 			$expected = 'http://localhost' . \substr($expected, 18);
@@ -60,13 +60,7 @@ public static function validateRedirectUri($expected, $actual, $allowSubdomains)
 				return false;
 			}
 
-			if ($allowSubdomains) {
-				if (\strcmp($expectedUrl->hostname, $actualUrl->hostname) !== 0
-					&& \strcmp($expectedUrl->hostname, \str_replace(\explode('.', $actualUrl->hostname)[0] . '.', '', $actualUrl->hostname)) !== 0
-				) {
-					return false;
-				}
-			} elseif (\strcmp($expectedUrl->hostname, $actualUrl->hostname) !== 0) {
+			if (!self::validateDomain($expectedUrl, $actualUrl, $allowSubdomains)) {
 				return false;
 			}
 
@@ -96,12 +90,28 @@ public static function removeWildcardPort($redirectUri): string {
 	}
 
 	public static function isValidUrl($redirectUri): bool {
-		$redirectUri = Utilities::removeWildcardPort($redirectUri);
+		$redirectUri = self::removeWildcardPort($redirectUri);
 		return (\filter_var($redirectUri, FILTER_VALIDATE_URL) !== false);
 	}
 
 	// See https://tools.ietf.org/pdf/rfc7636.pdf#56
-	public static function base64url_encode($data) {
+	public static function base64url_encode($data): string {
 		return \rtrim(\strtr(\base64_encode($data), '+/', '-_'), '=');
 	}
+
+	private static function validateDomain(URL $expectedUrl, URL $actualUrl, bool $allowSubdomains): bool {
+		if (!$allowSubdomains) {
+			return \strcmp($expectedUrl->hostname, $actualUrl->hostname) === 0;
+		}
+
+		$expectedUrlParts = array_reverse(explode('.', $expectedUrl->hostname));
+		$actualUrlParts = array_reverse(explode('.', $actualUrl->hostname));
+		foreach ($expectedUrlParts as $i => $p) {
+			if ($p !== $actualUrlParts[$i]) {
+				return false;
+			}
+		}
+
+		return true;
+	}
 }

tests/unit/UtilitiesTest.php

@@ -23,7 +23,7 @@
 use PHPUnit\Framework\TestCase;
 
 class UtilitiesTest extends TestCase {
-	public function testGenerateRandom() {
+	public function testGenerateRandom(): void {
 		$random = Utilities::generateRandom();
 
 		$this->assertEquals(64, \strlen($random));
@@ -41,7 +41,9 @@ public function providesUrlsToValidate(): array {
 			[false, 'https://owncloud.org:80/tests?q=1', 'https://owncloud.org:80/test?q=1', false],
 			[false, 'https://owncloud.org:80/test?q=1', 'https://owncloud.org:80/test?q=0', false],
 			[true, 'http://localhost:*/test?q=1', 'http://localhost:12345/test?q=1', false],
-			[false, 'http://excepted.com', 'http://aaa\@excepted.com', false]
+			[false, 'http://excepted.com', 'http://aaa\@excepted.com', false],
+			[false, 'https://trustedclient.com', 'https://munity.trustedclient.community.', true],
+			[false, 'https://trustedclient.com', 'https://munity.trustedclient.community', true]
 		];
 	}
 
@@ -52,7 +54,7 @@ public function providesUrlsToValidate(): array {
 	 * @param $actualRedirect
 	 * @param $allowSubDomain
 	 */
-	public function testValidateRedirectUri($expectedResult, $expectedRedirect, $actualRedirect, $allowSubDomain) {
+	public function testValidateRedirectUri($expectedResult, $expectedRedirect, $actualRedirect, $allowSubDomain): void {
 		$this->assertEquals(
 			$expectedResult,
 			Utilities::validateRedirectUri(
@@ -79,11 +81,11 @@ public function providesUrls(): array {
 	 * @param $expected
 	 * @param $url
 	 */
-	public function testIsValidUrl($expected, $url) {
+	public function testIsValidUrl($expected, $url): void {
 		$this->assertEquals($expected, Utilities::isValidUrl($url));
 	}
 
-	public function testBase64url_encode() {
+	public function testBase64url_encode(): void {
 		$data = \random_bytes(32);
 		$encoded = Utilities::base64url_encode($data);
 		$this->assertEquals(43, \strlen($encoded));