From 16a7d343d78807e39df124756e5d43a69a2203a3 Mon Sep 17 00:00:00 2001
From: Rowan Bohde
Date: Wed, 27 Nov 2024 20:50:27 -0600
Subject: Validate OAuth Redirect URIs (#32643)
This fixes a TODO in the code to validate the RedirectURIs when adding or editing an OAuth application in user settings. This also includes a refactor of the user settings tests to only create the DB once per top-level test to avoid reloading fixtures.
---
 services/forms/user_form.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'services')
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 5b7a43642a..ed79936add 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -366,7 +366,7 @@ func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) {
 // EditOAuth2ApplicationForm form for editing oauth2 applications
 type EditOAuth2ApplicationForm struct {
 Name string `binding:"Required;MaxSize(255)" form:"application_name"`
- RedirectURIs string `binding:"Required" form:"redirect_uris"`
+ RedirectURIs string `binding:"Required;ValidUrlList" form:"redirect_uris"`
 ConfidentialClient bool `form:"confidential_client"`
 SkipSecondaryAuthorization bool `form:"skip_secondary_authorization"`
 }
--
cgit v1.2.3
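Review bot: `ValidUrlList` is attached only to the `RedirectURIs` tag of `EditOAuth2ApplicationForm`, and nothing in this hunk shows what the rule accepts or whether other write paths for OAuth applications (an API options struct, for instance) apply the same check. For redirect URIs a purely syntactic URL check is usually too weak: entries carrying a fragment, or using schemes such as `javascript:` or `data:`, should be refused at registration, so the validator and its tests, which sit outside this diff (it is limited to `services`), are worth confirming against those cases. It would also help to state the contract on the field, e.g. `// RedirectURIs is the raw redirect URI list from the form; every entry must pass ValidUrlList before the application is saved.` The struct declaration is fully inside the hunk.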