Skip to content

Commit

Permalink
fix: treat non-http/https login urls as invalid
Browse files Browse the repository at this point in the history
  • Loading branch information
isaacs committed Feb 28, 2020
1 parent ba0373b commit 6bcf086
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion lib/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ const url = require('url')
const isValidUrl = u => {
if (u && typeof u === 'string') {
const p = url.parse(u)
return !!(p.protocol && p.slashes && p.host && p.path)
return p.slashes && p.host && p.path && /^https?:$/.test(p.protocol)
}
return false
}
Expand Down
4 changes: 2 additions & 2 deletions lib/test/login.js
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ const server = http.createServer((q, s) => {

case '/invalid-login-url/-/v1/login':
return respond(s, 200, {
loginUrl: 'this is not a url',
loginUrl: 'ftp://this.is/not-a-webpage/now/is/it?',
doneUrl: reg + '/invalid-done/-/v1/login'
})

Expand Down Expand Up @@ -418,7 +418,7 @@ t.test('fail at login step by having an invalid url', t => {
method: 'POST',
uri: reg + '/invalid-login-url/-/v1/login',
body: {
loginUrl: 'this is not a url',
loginUrl: 'ftp://this.is/not-a-webpage/now/is/it?',
doneUrl: reg + '/invalid-done/-/v1/login'
},
message: 'Invalid response from web login endpoint'
Expand Down

0 comments on commit 6bcf086

Please sign in to comment.