Skip to content

Commit

Permalink
refactor: rename whitelisted_return_urls to allowed_return_urls (#…
Browse files Browse the repository at this point in the history
…2299)

BREAKING CHANGE: Configuration key `selfservice.whitelisted_return_urls` has been renamed to `allowed_return_urls`.
  • Loading branch information
aeneasr authored Mar 11, 2022
1 parent fab8a93 commit 686c9ba
Show file tree
Hide file tree
Showing 37 changed files with 70 additions and 70 deletions.
2 changes: 1 addition & 1 deletion cmd/serve/stub/kratos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ serve:

selfservice:
default_browser_return_url: http://127.0.0.1:4455/
whitelisted_return_urls:
allowed_return_urls:
- http://127.0.0.1:4455

methods:
Expand Down
2 changes: 1 addition & 1 deletion contrib/quickstart/kratos/cloud/kratos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ serve:

selfservice:
default_browser_return_url: http://localhost:4455/ui/welcome
whitelisted_return_urls:
allowed_return_urls:
- http://localhost:4455

methods:
Expand Down
2 changes: 1 addition & 1 deletion contrib/quickstart/kratos/email-password/kratos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ serve:

selfservice:
default_browser_return_url: http://127.0.0.1:4455/
whitelisted_return_urls:
allowed_return_urls:
- http://127.0.0.1:4455

methods:
Expand Down
12 changes: 6 additions & 6 deletions driver/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ const (
ViperKeyCookiePath = "cookies.path"
ViperKeySelfServiceStrategyConfig = "selfservice.methods"
ViperKeySelfServiceBrowserDefaultReturnTo = "selfservice." + DefaultBrowserReturnURL
ViperKeyURLsWhitelistedReturnToDomains = "selfservice.whitelisted_return_urls"
ViperKeyURLsAllowedReturnToDomains = "selfservice.allowed_return_urls"
ViperKeySelfServiceRegistrationEnabled = "selfservice.flows.registration.enabled"
ViperKeySelfServiceRegistrationUI = "selfservice.flows.registration.ui_url"
ViperKeySelfServiceRegistrationRequestLifespan = "selfservice.flows.registration.lifespan"
Expand Down Expand Up @@ -823,28 +823,28 @@ func (p *Config) SessionPersistentCookie() bool {
return p.p.Bool(ViperKeySessionPersistentCookie)
}

func (p *Config) SelfServiceBrowserWhitelistedReturnToDomains() (us []url.URL) {
src := p.p.Strings(ViperKeyURLsWhitelistedReturnToDomains)
func (p *Config) SelfServiceBrowserAllowedReturnToDomains() (us []url.URL) {
src := p.p.Strings(ViperKeyURLsAllowedReturnToDomains)
for k, u := range src {
if len(u) == 0 {
continue
}

parsed, err := url.ParseRequestURI(u)
if err != nil {
p.l.WithError(err).Warnf("Ignoring URL \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
p.l.WithError(err).Warnf("Ignoring URL \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
continue
}
if parsed.Host == "*" {
p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
continue
}
eTLD, icann := publicsuffix.PublicSuffix(parsed.Host)
if len(parsed.Host) > 0 &&
parsed.Host[:1] == "*" &&
icann &&
parsed.Host == fmt.Sprintf("*.%s", eTLD) {
p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsWhitelistedReturnToDomains, k)
p.l.Warnf("Ignoring wildcard \"%s\" from configuration key \"%s.%d\".", u, ViperKeyURLsAllowedReturnToDomains, k)
continue
}

Expand Down
2 changes: 1 addition & 1 deletion driver/config/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ func TestViperProvider(t *testing.T) {
assert.Equal(t, "http://public.kratos.ory.sh", p.SelfPublicURL().String())

var ds []string
for _, v := range p.SelfServiceBrowserWhitelistedReturnToDomains() {
for _, v := range p.SelfServiceBrowserAllowedReturnToDomains() {
ds = append(ds, v.String())
}

Expand Down
2 changes: 1 addition & 1 deletion driver/config/stub/.kratos.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ ciphers:

selfservice:
default_browser_return_url: http://return-to-3-test.ory.sh/
whitelisted_return_urls:
allowed_return_urls:
- http://return-to-1-test.ory.sh/
- http://return-to-2-test.ory.sh/
- http://*.wildcards.ory.sh
Expand Down
4 changes: 2 additions & 2 deletions embedx/config.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -912,8 +912,8 @@
"default_browser_return_url": {
"$ref": "#/definitions/defaultReturnTo"
},
"whitelisted_return_urls": {
"title": "Whitelisted Return To URLs",
"allowed_return_urls": {
"title": "Allowed Return To URLs",
"description": "List of URLs that are allowed to be redirected to. A redirection request is made by appending `?return_to=...` to Login, Registration, and other self-service flows.",
"type": "array",
"items": {
Expand Down
2 changes: 1 addition & 1 deletion examples/go/pkg/stub/kratos.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ serve:

selfservice:
default_browser_return_url: http://127.0.0.1:4455/
whitelisted_return_urls:
allowed_return_urls:
- http://127.0.0.1:4455

methods:
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/login/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
_, err := x.SecureRedirectTo(r,
conf.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(requestURL),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/login/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -327,7 +327,7 @@ func (h *Handler) initBrowserFlow(w http.ResponseWriter, r *http.Request, ps htt
if errors.Is(err, ErrAlreadyLoggedIn) {
returnTo, redirErr := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()),
x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
)
if redirErr != nil {
h.d.SelfServiceErrorManager().Forward(r.Context(), w, r, redirErr)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/login/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -553,7 +553,7 @@ func TestGetFlow(t *testing.T) {
})

t.Run("case=expired with return_to", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})

client := testhelpers.NewClientWithCookies(t)
setupLoginUI(t, client)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/login/hook.go
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ func (e *HookExecutor) PostLoginHook(w http.ResponseWriter, r *http.Request, a *
c := e.d.Config(r.Context())
returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(a.RequestURL),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
x.SecureRedirectOverrideDefaultReturnTo(e.d.Config(r.Context()).SelfServiceFlowLoginReturnTo(a.Active.String())),
)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/login/hook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ func TestLoginExecutor(t *testing.T) {

t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})

res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser, nil), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/logout/handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -273,7 +273,7 @@ func (h *Handler) completeLogout(w http.ResponseWriter, r *http.Request) {

ret, err := x.SecureRedirectTo(r, h.d.Config(r.Context()).SelfServiceFlowLogoutRedirectURL(),
x.SecureRedirectUseSourceURL(r.RequestURI),
x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(h.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(h.d.Config(r.Context()).SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/recovery/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
_, err := x.SecureRedirectTo(r,
conf.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(requestURL),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/recovery/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ func TestGetFlow(t *testing.T) {
})

t.Run("case=expired with return_to", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
client := testhelpers.NewClientWithCookies(t)
setupRecoveryTS(t, client)
body := x.EasyGetBody(t, client, public.URL+recovery.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/registration/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
_, err := x.SecureRedirectTo(r,
conf.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(requestURL),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/registration/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -303,7 +303,7 @@ func TestGetFlow(t *testing.T) {
})

t.Run("case=expired with return_to", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
client := testhelpers.NewClientWithCookies(t)
setupRegistrationUI(t, client)
body := x.EasyGetBody(t, client, public.URL+registration.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/registration/hook.go
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ func (e *HookExecutor) PostRegistrationHook(w http.ResponseWriter, r *http.Reque
c := e.d.Config(r.Context())
returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(a.RequestURL),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
x.SecureRedirectOverrideDefaultReturnTo(c.SelfServiceFlowRegistrationReturnTo(ct.String())),
)
Expand Down
4 changes: 2 additions & 2 deletions selfservice/flow/registration/hook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,7 @@ func TestRegistrationExecutor(t *testing.T) {

t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})

res, _ := makeRequestPost(t, newServer(t, nil, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
assert.EqualValues(t, http.StatusOK, res.StatusCode)
Expand All @@ -118,7 +118,7 @@ func TestRegistrationExecutor(t *testing.T) {

t.Run("case=use nested config value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/kratos"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/kratos"})
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectTo(t, conf, "https://www.ory.sh/not-kratos")
testhelpers.SelfServiceHookRegistrationSetDefaultRedirectToStrategy(t, conf, strategy, "https://www.ory.sh/kratos")

Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/settings/error_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ func TestHandleError(t *testing.T) {
})

t.Run("case=session old error", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(), "/error").String()})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{urlx.AppendPaths(conf.SelfPublicURL(), "/error").String()})
t.Cleanup(reset)

settingsFlow = &settings.Flow{Type: flow.TypeBrowser}
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/settings/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ func NewFlow(conf *config.Config, exp time.Duration, r *http.Request, i *identit
_, err := x.SecureRedirectTo(r,
conf.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(requestURL),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/settings/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -223,7 +223,7 @@ func TestHandler(t *testing.T) {
})

t.Run("case=expired with return_to", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
client := testhelpers.NewHTTPClientWithArbitrarySessionToken(t, reg)
body := x.EasyGetBody(t, client, publicTS.URL+settings.RouteInitBrowserFlow+"?return_to=https://www.ory.sh")

Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/settings/hook.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ func (e *HookExecutor) PostSettingsHook(w http.ResponseWriter, r *http.Request,
c := e.d.Config(r.Context())
returnTo, err := x.SecureRedirectTo(r, c.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(ctxUpdate.Flow.RequestURL),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(c.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(c.SelfPublicURL()),
x.SecureRedirectOverrideDefaultReturnTo(
e.d.Config(r.Context()).SelfServiceFlowSettingsReturnTo(settingsType,
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/settings/hook_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ func TestSettingsExecutor(t *testing.T) {

t.Run("case=use return_to value", func(t *testing.T) {
t.Cleanup(testhelpers.SelfServiceHookConfigReset(t, conf))
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})
testhelpers.SelfServiceHookSettingsSetDefaultRedirectTo(t, conf, "https://www.ory.sh")

res, _ := makeRequestPost(t, newServer(t, flow.TypeBrowser), false, url.Values{"return_to": {"https://www.ory.sh/kratos/"}})
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/verification/flow.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ func NewFlow(conf *config.Config, exp time.Duration, csrf string, r *http.Reques
_, err := x.SecureRedirectTo(r,
conf.SelfServiceBrowserDefaultReturnTo(),
x.SecureRedirectUseSourceURL(requestURL),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(conf.SelfServiceBrowserAllowedReturnToDomains()),
x.SecureRedirectAllowSelfServiceURLs(conf.SelfPublicURL()),
)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion selfservice/flow/verification/handler_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,7 @@ func TestGetFlow(t *testing.T) {
})

t.Run("case=expired with return_to", func(t *testing.T) {
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh/"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh/"})

client := testhelpers.NewClientWithCookies(t)
_ = setupVerificationUI(t, client)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/strategy/link/strategy_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ import (
func initViper(t *testing.T, c *config.Config) {
testhelpers.SetDefaultIdentitySchema(c, "file://./stub/default.schema.json")
c.MustSet(config.ViperKeySelfServiceBrowserDefaultReturnTo, "https://www.ory.sh")
c.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh"})
c.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})
c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+identity.CredentialsTypePassword.String()+".enabled", true)
c.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+recovery.StrategyRecoveryLinkName+".enabled", true)
c.MustSet(config.ViperKeySelfServiceRecoveryEnabled, true)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/strategy/link/strategy_verification.go
Original file line number Diff line number Diff line change
Expand Up @@ -257,7 +257,7 @@ func (s *Strategy) verificationUseToken(w http.ResponseWriter, r *http.Request,

returnTo, err := x.SecureRedirectTo(&verificationRequest, defaultRedirectURL,
x.SecureRedirectAllowSelfServiceURLs(s.d.Config(r.Context()).SelfPublicURL()),
x.SecureRedirectAllowURLs(s.d.Config(r.Context()).SelfServiceBrowserWhitelistedReturnToDomains()),
x.SecureRedirectAllowURLs(s.d.Config(r.Context()).SelfServiceBrowserAllowedReturnToDomains()),
)
if err != nil {
s.d.Logger().Debugf("error parsing redirectTo from verification: %s\n", err)
Expand Down
2 changes: 1 addition & 1 deletion selfservice/strategy/link/strategy_verification_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -357,7 +357,7 @@ func TestVerification(t *testing.T) {

t.Run("case=respects return_to URI parameter", func(t *testing.T) {
returnToURL := public.URL + "/after-verification"
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{returnToURL})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{returnToURL})
client := &http.Client{
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
Expand Down
2 changes: 1 addition & 1 deletion selfservice/strategy/totp/login_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ func TestCompleteLogin(t *testing.T) {
conf, reg := internal.NewFastRegistryWithMocks(t)
conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypePassword), map[string]interface{}{"enabled": true})
conf.MustSet(config.ViperKeySelfServiceStrategyConfig+"."+string(identity.CredentialsTypeTOTP), map[string]interface{}{"enabled": true})
conf.MustSet(config.ViperKeyURLsWhitelistedReturnToDomains, []string{"https://www.ory.sh"})
conf.MustSet(config.ViperKeyURLsAllowedReturnToDomains, []string{"https://www.ory.sh"})

router := x.NewRouterPublic()
publicTS, _ := testhelpers.NewKratosServerWithRouters(t, reg, router, x.NewRouterAdmin())
Expand Down
4 changes: 2 additions & 2 deletions test/e2e/cypress/support/commands.ts
Original file line number Diff line number Diff line change
Expand Up @@ -567,7 +567,7 @@ Cypress.Commands.add('longRegisterLifespan', ({} = {}) => {

Cypress.Commands.add('browserReturnUrlOry', ({} = {}) => {
updateConfigFile((config) => {
config.selfservice.whitelisted_return_urls = ['https://www.ory.sh/']
config.selfservice.allowed_return_urls = ['https://www.ory.sh/']
return config
})
})
Expand Down Expand Up @@ -1063,7 +1063,7 @@ Cypress.Commands.add(
cy.location('pathname').should('contain', 'error')
cy.get('code').should(
'contain.text',
'Requested return_to URL \\"https://not-allowed\\" is not whitelisted.'
'Requested return_to URL \\"https://not-allowed\\" is not allowed.'
)
}
}
Expand Down
2 changes: 1 addition & 1 deletion test/e2e/profiles/kratos.base.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ secrets:

selfservice:
default_browser_return_url: http://localhost:4455/
whitelisted_return_urls:
allowed_return_urls:
- http://localhost:4455
- https://www.ory.sh/
- https://example.org/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ urls:
default_return_to: 1
registration_ui: 1
error_ui: 1
whitelisted_return_to_urls:
allowed_return_urls:
- 1
- 1

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
selfservice:
default_browser_return_url: "#/definitions/defaultReturnTo"

whitelisted_return_urls:
allowed_return_urls:
- https://foo.bar
- /dashboard

Expand Down
Loading

0 comments on commit 686c9ba

Please sign in to comment.