Validate using a domain whitelist, instead of a regex

matrix-org · Mar 19, 2020 · 6465db3 · 6465db3
1 parent e50aefe
commit 6465db3
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 14 deletions.
diff --git a/sydent/http/servlets/emailservlet.py b/sydent/http/servlets/emailservlet.py
@@ -16,6 +16,7 @@
 
 import logging
 from twisted.web.resource import Resource
+from urlparse import urlparse
 
 from sydent.util.emailutils import EmailAddressException, EmailSendException
 from sydent.validators import (
@@ -60,16 +61,28 @@ def render_POST(self, request):
         ipaddress = self.sydent.ip_from_request(request)
 
         nextLink = None
-        if 'next_link' in args and not args['next_link'].startswith("file:///"):
+        if 'next_link' in args:
             nextLink = args['next_link']
 
-        # Validate the value of next_link against the configured regex
-        if nextLink and self.sydent.next_link_valid_regex.match(nextLink) is None:
-            logger.warn(
-                "Validation attempt rejected as provided 'next_link' value is not "
-                "approved by the configured general.next_link.valid_regex value"
-            )
-            return {'errcode': 'M_INVALID_PARAM', 'error': 'Invalid next_link'}
+            # Parse the contents of the URL
+            next_link_parsed = urlparse(nextLink)
+
+            if (
+                # Scheme must be http(s)
+                next_link_parsed.scheme not in ["http", "https"]
+                # If the domain whitelist is set, the domain must be in it
+                or (
+                    self.sydent.next_link_domain_whitelist
+                    and next_link_parsed.hostname not in self.sydent.next_link_domain_whitelist
+                )
+            ):
+                logger.warn(
+                    "Validation attempt rejected as provided 'next_link' value is not "
+                    "http(s) or domain '%s' does not match "
+                    "general.next_link.domain_whitelist config value",
+                    next_link_parsed.hostname
+                )
+                return {'errcode': 'M_INVALID_PARAM', 'error': 'Invalid next_link'}
 
         resp = None
 

diff --git a/sydent/sydent.py b/sydent/sydent.py
@@ -87,9 +87,10 @@ def list_from_comma_sep_string(rawstr):
         # Path to file detailing the configuration of the /info and /internal-info servlets.
         # More information can be found in docs/info.md.
         'info_path': 'info.yaml',
-        # A regex used to validate the next_link query parameter provided by the
-        # client to the /requestToken and /submitToken endpoints
-        'next_link.valid_regex': '.*'
+        # A comma-separated domain whitelist used to validate the next_link query parameter
+        # provided by the client to the /requestToken and /submitToken endpoints
+        # If empty, no whitelist is applied
+        'next_link.domain_whitelist': ''
     },
     'db': {
         'db.file': 'sydent.db',
@@ -188,9 +189,9 @@ def sighup(signum, stack):
             self.cfg.get('userdir', 'userdir.allowed_homeservers', '')
         ))
 
-        self.next_link_valid_regex = re.compile(
-            self.cfg.get('general', 'next_link.valid_regex')
-        )
+        self.next_link_domain_whitelist = set(list_from_comma_sep_string(
+            self.cfg.get('general', 'next_link.domain_whitelist')
+        ))
 
         self.invites_validity_period = parse_duration(
             self.cfg.get('general', 'invites.validity_period'),