fix: validate oauth urls during update

cemalkilic · cemalkilic · commit 81e6b2c578be · 2026-02-05T21:04:31.000+07:00
diff --git a/internal/api/custom_oauth_admin.go b/internal/api/custom_oauth_admin.go
@@ -551,23 +551,38 @@ func updateProviderFromParams(provider *models.CustomOAuthProvider, params *Admi
 			}
 			provider.Issuer = &params.Issuer
 		}
-		if params.DiscoveryURL != nil {
+		if params.DiscoveryURL != nil && *params.DiscoveryURL != "" {
+			if err := utilities.ValidateOAuthURL(*params.DiscoveryURL); err != nil {
+				return err
+			}
 			provider.DiscoveryURL = params.DiscoveryURL
 		}
 		if params.SkipNonceCheck != nil {
 			provider.SkipNonceCheck = *params.SkipNonceCheck
 		}
 	} else if provider.IsOAuth2() {
 		if params.AuthorizationURL != "" {
+			if err := utilities.ValidateOAuthURL(params.AuthorizationURL); err != nil {
+				return err
+			}
 			provider.AuthorizationURL = &params.AuthorizationURL
 		}
 		if params.TokenURL != "" {
+			if err := utilities.ValidateOAuthURL(params.TokenURL); err != nil {
+				return err
+			}
 			provider.TokenURL = &params.TokenURL
 		}
 		if params.UserinfoURL != "" {
+			if err := utilities.ValidateOAuthURL(params.UserinfoURL); err != nil {
+				return err
+			}
 			provider.UserinfoURL = &params.UserinfoURL
 		}
-		if params.JwksURI != nil {
+		if params.JwksURI != nil && *params.JwksURI != "" {
+			if err := utilities.ValidateOAuthURL(*params.JwksURI); err != nil {
+				return err
+			}
 			provider.JwksURI = params.JwksURI
 		}
 	}

Original file line number	Diff line number	Diff line change
`@@ -551,23 +551,38 @@ func updateProviderFromParams(provider models.CustomOAuthProvider, params Admi`
`551`	`551`	`}`
`552`	`552`	`provider.Issuer = &params.Issuer`
`553`	`553`	`}`
`554`		`- if params.DiscoveryURL != nil {`
	`554`	`+ if params.DiscoveryURL != nil && *params.DiscoveryURL != "" {`
	`555`	`+ if err := utilities.ValidateOAuthURL(*params.DiscoveryURL); err != nil {`
	`556`	`+ return err`
	`557`	`+ }`
`555`	`558`	`provider.DiscoveryURL = params.DiscoveryURL`
`556`	`559`	`}`
`557`	`560`	`if params.SkipNonceCheck != nil {`
`558`	`561`	`provider.SkipNonceCheck = *params.SkipNonceCheck`
`559`	`562`	`}`
`560`	`563`	`} else if provider.IsOAuth2() {`
`561`	`564`	`if params.AuthorizationURL != "" {`
	`565`	`+ if err := utilities.ValidateOAuthURL(params.AuthorizationURL); err != nil {`
	`566`	`+ return err`
	`567`	`+ }`
`562`	`568`	`provider.AuthorizationURL = &params.AuthorizationURL`
`563`	`569`	`}`
`564`	`570`	`if params.TokenURL != "" {`
	`571`	`+ if err := utilities.ValidateOAuthURL(params.TokenURL); err != nil {`
	`572`	`+ return err`
	`573`	`+ }`
`565`	`574`	`provider.TokenURL = &params.TokenURL`
`566`	`575`	`}`
`567`	`576`	`if params.UserinfoURL != "" {`
	`577`	`+ if err := utilities.ValidateOAuthURL(params.UserinfoURL); err != nil {`
	`578`	`+ return err`
	`579`	`+ }`
`568`	`580`	`provider.UserinfoURL = &params.UserinfoURL`
`569`	`581`	`}`
`570`		`- if params.JwksURI != nil {`
	`582`	`+ if params.JwksURI != nil && *params.JwksURI != "" {`
	`583`	`+ if err := utilities.ValidateOAuthURL(*params.JwksURI); err != nil {`
	`584`	`+ return err`
	`585`	`+ }`
`571`	`586`	`provider.JwksURI = params.JwksURI`
`572`	`587`	`}`
`573`	`588`	`}`