auth

Paddy 2014-09-18 Parent:113ccb15b919 Child:3a6a65ed380c

42:022ce4262922 Go to Latest

auth/client.go

Make sure client URLs are actually URLs. When updating a client website or logo, make sure that URL is actually a URL. Instead of returning an error for too short input, just return an error if the input isn't a URL.

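--- a/client.go	Thu Sep 18 22:13:22 2014 -0400
+++ b/client.go	Thu Sep 18 22:41:32 2014 -0400
@@ -13,12 +13,13 @@
 	ErrClientNotFound      = errors.New("Client not found in ClientStore.")
 	ErrClientAlreadyExists = errors.New("Client already exists in ClientStore.")
 
-	ErrClientNameTooShort    = errors.New("Client name must be at least 2 characters.")
-	ErrClientNameTooLong     = errors.New("Client name must be at most 32 characters.")
-	ErrClientLogoTooShort    = errors.New("Client logo URL must be at least 12 characters.")
-	ErrClientLogoTooLong     = errors.New("Client logo must be at most 1024 characters.")
-	ErrClientWebsiteTooShort = errors.New("Client website URL must be at least 12 characters.")
-	ErrClientWebsiteTooLong  = errors.New("Client website must be at most 1024 characters.")
+	ErrEmptyChange          = errors.New("Change must have at least one change in it.")
+	ErrClientNameTooShort   = errors.New("Client name must be at least 2 characters.")
+	ErrClientNameTooLong    = errors.New("Client name must be at most 32 characters.")
+	ErrClientLogoTooLong    = errors.New("Client logo must be at most 1024 characters.")
+	ErrClientLogoNotURL     = errors.New("Client logo must be a valid absolute URL.")
+	ErrClientWebsiteTooLong = errors.New("Client website must be at most 1024 characters.")
+	ErrClientWebsiteNotURL  = errors.New("Client website must be a valid absolute URL.")
 )
 
 // Client represents a client that grants access
@@ -61,23 +62,32 @@
 }
 
 func (c ClientChange) Validate() error {
+	if c.Secret == nil && c.OwnerID == nil && c.Name == nil && c.Logo == nil && c.Website == nil {
+		return ErrEmptyChange
+	}
 	if c.Name != nil && len(*c.Name) < 2 {
 		return ErrClientNameTooShort
 	}
 	if c.Name != nil && len(*c.Name) > 32 {
 		return ErrClientNameTooLong
 	}
-	if c.Logo != nil && len(*c.Logo) > 1024 {
-		return ErrClientLogoTooLong
+	if c.Logo != nil && *c.Logo != "" {
+		if len(*c.Logo) > 1024 {
+			return ErrClientLogoTooLong
+		}
+		u, err := url.Parse(*c.Logo)
+		if err != nil || !u.IsAbs() {
+			return ErrClientLogoNotURL
+		}
 	}
-	if c.Logo != nil && len(*c.Logo) > 0 && len(*c.Logo) < 12 {
-		return ErrClientLogoTooShort
-	}
-	if c.Website != nil && len(*c.Website) > 140 {
-		return ErrClientWebsiteTooLong
-	}
-	if c.Website != nil && len(*c.Website) > 0 && len(*c.Website) < 12 {
-		return ErrClientWebsiteTooShort
+	if c.Website != nil && *c.Website != "" {
+		if len(*c.Website) > 140 {
+			return ErrClientWebsiteTooLong
+		}
+		u, err := url.Parse(*c.Website)
+		if err != nil || !u.IsAbs() {
+			return ErrClientWebsiteNotURL
+		}
 	}
 	return nil
 }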
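Review bot: The new URL checks in Validate accept any scheme, because `url.Parse` followed by `u.IsAbs()` only establishes that a scheme is present, so a `javascript:`, `data:` or `file:` value passes as a client logo or website. If these fields are later rendered into an `<img src>` or `<a href>` (not visible in this diff), that becomes a stored script-injection path; I would tighten both conditions to `if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {`. Separately, the website branch still rejects at `len(*c.Website) > 140` while ErrClientWebsiteTooLong says 1024 characters, so either the limit or the message should be corrected. Validate also has no doc comment; something like `// Validate returns the first validation error found in the change, or nil if it is acceptable.` would help callers.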