[MISC] Validate domain set in session is not a wildcard domain. (#1092)

2020-06-07 17:47:02 +02:00 · 2020-06-07 17:47:02 +02:00 · b30b066138
parent 5cc6dfc463
commit b30b066138
2 changed files with 15 additions and 0 deletions
--- a/internal/configuration/validator/session.go
+++ b/internal/configuration/validator/session.go
@ -46,4 +46,8 @@ func ValidateSession(configuration *schema.SessionConfiguration, validator *sche
 	if configuration.Domain == "" {
 		validator.Push(errors.New("Set domain of the session object"))
 	}
+
+	if strings.Contains(configuration.Domain, "*") {
+		validator.Push(errors.New("The domain of the session must be the root domain you're protecting instead of a wildcard domain"))
+	}
 }
--- a/internal/configuration/validator/session_test.go
+++ b/internal/configuration/validator/session_test.go
@ -121,6 +121,17 @@ func TestShouldRaiseErrorWhenDomainNotSet(t *testing.T) {
 	assert.EqualError(t, validator.Errors()[0], "Set domain of the session object")
 }

+func TestShouldRaiseErrorWhenDomainIsWildcard(t *testing.T) {
+	validator := schema.NewStructValidator()
+	config := newDefaultSessionConfig()
+	config.Domain = "*.example.com"
+
+	ValidateSession(&config, validator)
+
+	assert.Len(t, validator.Errors(), 1)
+	assert.EqualError(t, validator.Errors()[0], "The domain of the session must be the root domain you're protecting instead of a wildcard domain")
+}
+
 func TestShouldRaiseErrorWhenBadInactivityAndExpirationSet(t *testing.T) {
 	validator := schema.NewStructValidator()
 	config := newDefaultSessionConfig()