author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 01:45:44 +0000 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /lib/api/applications.rb | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) | |
download | gitlab-ce-85dc423f7090da0a52c73eb66faf22ddb20efff9.tar.gz |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'lib/api/applications.rb')
-rw-r--r-- | lib/api/applications.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/api/applications.rb b/lib/api/applications.rb
index 4e8d68c8d09..4f2c3ee79ef 100644
--- a/lib/api/applications.rb
+++ b/lib/api/applications.rb
@@ -6,6 +6,15 @@ module API
 before { authenticated_as_admin! }
 resource :applications do
+ helpers do
+ def validate_redirect_uri(value)
+ uri = ::URI.parse(value)
+ !uri.is_a?(URI::HTTP) || uri.host
+ rescue URI::InvalidURIError
+ false
+ end
+ end
+
 desc 'Create a new application' do
 detail 'This feature was introduced in GitLab 10.5'
 success Entities::ApplicationWithSecret
@@ -19,6 +28,13 @@ module API
 desc: 'Application will be used where the client secret is confidential'
 end
 post do
+ # Validate that host in uri is specified
+ # Please remove it when https://github.com/doorkeeper-gem/doorkeeper/pull/1440 is merged
+ # and the doorkeeper gem version is bumped
+ unless validate_redirect_uri(declared_params[:redirect_uri])
+ render_api_error!({ redirect_uri: ["must be an absolute URI."] }, :bad_request)
+ end
+
 application = Doorkeeper::Application.new(declared_params)
 if application.save |
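Review bot: In `validate_redirect_uri` the host test is the bare expression `uri.host`, which relies on truthiness, and an empty string is truthy in Ruby. The guard therefore only holds if the URI parser reports a missing host as nil, which may depend on the parser version. Since this gates OAuth redirect URIs, I would make the check explicit with `!uri.is_a?(URI::HTTP) || uri.host.present?`, which also makes the helper return a real boolean. The value is parsed as one URI, so a `redirect_uri` holding several whitespace-separated URIs (which Doorkeeper appears to accept) would presumably hit the `rescue` and be rejected; if that is not intended, each entry of `value.split` should be validated instead.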
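Review bot: The guard added at the top of the `post` block covers only this API endpoint. Any other path that builds a `Doorkeeper::Application` (none is visible in this diff) would still accept an HTTP(S) redirect URI without a host until the gem fix lands, so a model-level validation would close the gap in one place. The message `must be an absolute URI.` also promises more than the helper checks: a relative or scheme-less value is not a `URI::HTTP` and passes this guard, leaving it to Doorkeeper's own validation. I would extend the comment with something like `# Only rejects http(s) URIs without a host; all other checks are left to Doorkeeper's validator`. The `post` block continues beyond the end of the hunk.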