From c1cbde5ee147c59555e0f989c66973d19133bd61 Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Fri, 15 Sep 2023 19:26:11 +0200
Subject: [PATCH] fixup! policies: allow subdomains for the various URIs

---
 policies/client_registration.rego | 16 ++++++++--------
 policies/client_registration_test.rego | 18 +++++++++---------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/policies/client_registration.rego b/policies/client_registration.rego
index 347c973c6..0104979c2 100644
--- a/policies/client_registration.rego
+++ b/policies/client_registration.rego
@@ -172,17 +172,17 @@ reverse_dns_match(host, reverse_dns) {
 
 # Used to verify that all the various URIs are subdomains of the client_uri
 is_subdomain(host, subdomain) {
- is_string(host)
- is_string(subdomain)
+ is_string(host)
+ is_string(subdomain)
 
- # Split the host
- host_parts := array.reverse(split(host, "."))
+ # Split the host
+ host_parts := array.reverse(split(host, "."))
 
- # Split the subdomain
- subdomain_parts := array.reverse(split(subdomain, "."))
+ # Split the subdomain
+ subdomain_parts := array.reverse(split(subdomain, "."))
 
- # Check that the subdomain strictly is a subdomain of the host
- array.slice(subdomain_parts, 0, count(host_parts)) == host_parts
+ # Check that the subdomain strictly is a subdomain of the host
+ array.slice(subdomain_parts, 0, count(host_parts)) == host_parts
 }
 
 valid_native_redirector(x) {
diff --git a/policies/client_registration_test.rego b/policies/client_registration_test.rego
index a37e19f37..e7510f988 100644
--- a/policies/client_registration_test.rego
+++ b/policies/client_registration_test.rego
@@ -435,15 +435,15 @@ test_client_credentials_grant {
 }
 
 test_is_subdomain {
- is_subdomain("example.com", "example.com")
- is_subdomain("example.com", "app.example.com")
- not is_subdomain("example.com", "example.org")
- not is_subdomain("test.com", "example.com")
+ is_subdomain("example.com", "example.com")
+ is_subdomain("example.com", "app.example.com")
+ not is_subdomain("example.com", "example.org")
+ not is_subdomain("test.com", "example.com")
 }
 
 test_reverse_dns_match {
- reverse_dns_match("example.com", "com.example")
- reverse_dns_match("example.com", "com.example.app")
- not reverse_dns_match("example.com", "org.example")
- not reverse_dns_match("test.com", "com.example")
-}
\ No newline at end of file
+ reverse_dns_match("example.com", "com.example")
+ reverse_dns_match("example.com", "com.example.app")
+ not reverse_dns_match("example.com", "org.example")
+ not reverse_dns_match("test.com", "com.example")
+}