discourse/app/services/wildcard_domain_checker.rb

# frozen_string_literal: true

module WildcardDomainChecker

  def self.check_domain(domain, external_domain)
    escaped_domain = domain[0] == "*" ? Regexp.escape(domain).sub("\\*", '\S*') : Regexp.escape(domain)
    domain_regex = Regexp.new("\\A#{escaped_domain}\\z", 'i')

    external_domain.match(domain_regex)
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-03 08:17:27 +10:00			`# frozen_string_literal: true`

FEATURE: allow multiple secrets for Discourse SSO provider This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site. This allows for better auditing of the SSO provider feature 2018-10-15 07:03:53 +02:00			`module WildcardDomainChecker`

			`def self.check_domain(domain, external_domain)`
			`escaped_domain = domain[0] == "" ? Regexp.escape(domain).sub("\\", '\S*') : Regexp.escape(domain)`
SECURITY: vulnerability in WildcardUrlChecker 2019-12-13 13:12:12 +11:00			`domain_regex = Regexp.new("\\A#{escaped_domain}\\z", 'i')`
FEATURE: allow multiple secrets for Discourse SSO provider This splits off the logic between SSO keys used incoming vs outgoing, it allows to far better restrict who is allowed to log in using a site. This allows for better auditing of the SSO provider feature 2018-10-15 07:03:53 +02:00
			`external_domain.match(domain_regex)`
			`end`

			`end`