Merge pull request #141 from XdpCs/fix-http-error

feat(authentication): improve Validator
microsoft · Jan 19, 2024 · 58521b8 · 58521b8
2 parents cf55e0a + 0e3d91f
commit 58521b8
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+## [1.5.6] - 2024-01-18
+
+### Changed
+
+- The input contains http or https which function will return an error. [#130](https://github.com/microsoft/kiota-abstractions-go/issues/130)
+
 ## [1.5.5] - 2024-01-17
 
 ### Changed

diff --git a/authentication/allowed_hosts_validator.go b/authentication/allowed_hosts_validator.go
@@ -1,22 +1,35 @@
 package authentication
 
 import (
+	"errors"
 	u "net/url"
 	"strings"
 )
 
-// AllowedHostsValidator Maintains a list of valid hosts and allows authentication providers to check whether a host is valid before authenticating a request
+// AllowedHostsValidator maintains a list of valid hosts and allows authentication providers to check whether a host is valid before authenticating a request
 type AllowedHostsValidator struct {
 	validHosts map[string]bool
 }
 
-// NewAllowedHostsValidator creates a new AllowedHostsValidator object with provided values.
+// ErrInvalidHostPrefix indicates that a host should not contain the http or https prefix.
+var ErrInvalidHostPrefix = errors.New("host should not contain http or https prefix")
+
+// Deprecated: NewAllowedHostsValidator creates a new AllowedHostsValidator object with provided values.
 func NewAllowedHostsValidator(validHosts []string) AllowedHostsValidator {
 	result := AllowedHostsValidator{}
 	result.SetAllowedHosts(validHosts)
 	return result
 }
 
+// NewAllowedHostsValidatorErrorCheck creates a new AllowedHostsValidator object with provided values and performs error checking.
+func NewAllowedHostsValidatorErrorCheck(validHosts []string) (*AllowedHostsValidator, error) {
+	result := &AllowedHostsValidator{}
+	if err := result.SetAllowedHostsErrorCheck(validHosts); err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
 // GetAllowedHosts returns the list of valid hosts.
 func (v *AllowedHostsValidator) GetAllowedHosts() map[string]bool {
 	hosts := make(map[string]bool, len(v.validHosts))
@@ -26,7 +39,7 @@ func (v *AllowedHostsValidator) GetAllowedHosts() map[string]bool {
 	return hosts
 }
 
-// SetAllowedHosts sets the list of valid hosts.
+// Deprecated: SetAllowedHosts sets the list of valid hosts.
 func (v *AllowedHostsValidator) SetAllowedHosts(hosts []string) {
 	v.validHosts = make(map[string]bool, len(hosts))
 	if len(hosts) > 0 {
@@ -36,6 +49,21 @@ func (v *AllowedHostsValidator) SetAllowedHosts(hosts []string) {
 	}
 }
 
+// SetAllowedHostsErrorCheck sets the list of valid hosts with error checking.
+func (v *AllowedHostsValidator) SetAllowedHostsErrorCheck(hosts []string) error {
+	v.validHosts = make(map[string]bool, len(hosts))
+	if len(hosts) > 0 {
+		for _, host := range hosts {
+			lowerHost := strings.ToLower(host)
+			if strings.HasPrefix(lowerHost, "http://") || strings.HasPrefix(lowerHost, "https://") {
+				return ErrInvalidHostPrefix
+			}
+			v.validHosts[lowerHost] = true
+		}
+	}
+	return nil
+}
+
 // IsValidHost returns true if the host is valid.
 func (v *AllowedHostsValidator) IsUrlHostValid(uri *u.URL) bool {
 	if uri == nil {

diff --git a/authentication/allowed_hosts_validator_test.go b/authentication/allowed_hosts_validator_test.go
@@ -1,14 +1,21 @@
 package authentication
 
 import (
-	assert "github.com/stretchr/testify/assert"
 	u "net/url"
 	"testing"
+
+	assert "github.com/stretchr/testify/assert"
 )
 
-func TestItValidatesHosts(t *testing.T) {
+func TestItValidatesHostsUseNewAllowedHostsValidator(t *testing.T) {
 	validator := NewAllowedHostsValidator([]string{"graph.microsoft.com"})
 	url, err := u.Parse("https://graph.microsoft.com/v1.0/me")
 	assert.Nil(t, err)
 	assert.True(t, validator.IsUrlHostValid(url))
 }
+
+func TestItValidatesHostsUseNewAllowedHostsValidatorErrorCheck(t *testing.T) {
+	validator, err := NewAllowedHostsValidatorErrorCheck([]string{"http://graph.microsoft.com"})
+	assert.EqualValues(t, ErrInvalidHostPrefix, err)
+	assert.Nil(t, validator)
+}
diff --git a/authentication/api_key_authentication_provider.go b/authentication/api_key_authentication_provider.go
@@ -41,12 +41,16 @@ func NewApiKeyAuthenticationProviderWithValidHosts(apiKey string, parameterName
 	if len(parameterName) == 0 {
 		return nil, errors.New("parameterName cannot be empty")
 	}
-	validator := NewAllowedHostsValidator(validHosts)
+
+	validator, err := NewAllowedHostsValidatorErrorCheck(validHosts)
+	if err != nil {
+		return nil, err
+	}
 	return &ApiKeyAuthenticationProvider{
 		apiKey:        apiKey,
 		parameterName: parameterName,
 		keyLocation:   keyLocation,
-		validator:     &validator,
+		validator:     validator,
 	}, nil
 }