diff options
author | Paul Dekkers <paul.dekkers@surf.nl> | 2021-05-10 13:10:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-10 17:10:32 +0600 |
commit | 2b8a44855a51ad5a5b0c348a08c2564a2e197ea2 (patch) | |
tree | ba5a8db0b6f65510492b7a1cc210a3efabbef594 | |
parent | 7c0b505ad4ea9a92763a97f14945e4d5af077221 (diff) | |
download | oauthlib-2b8a44855a51ad5a5b0c348a08c2564a2e197ea2.tar.gz |
Use better regex for IPv6 to allow a lot more valid IPv6 addresses (#753)
* Use better regex for IPv6 to allow a lot more valid IPv6 addresses
* Adding some unit tests for is_absolute_uri in uri_validate
* Make unit tests Python 3.6 compatible
* Remove redundant import after unit test simplification for py36
* update Changelog
* Remove redundant coding line
-rw-r--r-- | CHANGELOG.rst | 4 | ||||
-rw-r--r-- | oauthlib/uri_validate.py | 28 | ||||
-rw-r--r-- | tests/test_uri_validate.py | 33 |
3 files changed, 39 insertions, 26 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3817c52..6c37559 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,10 @@ Changelog 3.1.1 (TBD) ------------------ +OAuth2.0 Provider - Bugfixes + + * #753: Fix acceptance of valid IPv6 addresses in URI validation + OAuth2.0 Client - Bugfixes * #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently diff --git a/oauthlib/uri_validate.py b/oauthlib/uri_validate.py index 93b6131..8a6d9c2 100644 --- a/oauthlib/uri_validate.py +++ b/oauthlib/uri_validate.py @@ -65,32 +65,8 @@ dec_octet = r"""(?: %(DIGIT)s | IPv4address = r"%(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s" % locals( ) -# h16 = 1*4HEXDIG -h16 = r"(?: %(HEXDIG)s ){1,4}" % locals() - -# ls32 = ( h16 ":" h16 ) / IPv4address -ls32 = r"(?: (?: %(h16)s : %(h16)s ) | %(IPv4address)s )" % locals() - -# IPv6address = 6( h16 ":" ) ls32 -# / "::" 5( h16 ":" ) ls32 -# / [ h16 ] "::" 4( h16 ":" ) ls32 -# / [ *1( h16 ":" ) h16 ] "::" 3( h16 ":" ) ls32 -# / [ *2( h16 ":" ) h16 ] "::" 2( h16 ":" ) ls32 -# / [ *3( h16 ":" ) h16 ] "::" h16 ":" ls32 -# / [ *4( h16 ":" ) h16 ] "::" ls32 -# / [ *5( h16 ":" ) h16 ] "::" h16 -# / [ *6( h16 ":" ) h16 ] "::" -IPv6address = r"""(?: (?: %(h16)s : ){6} %(ls32)s | - :: (?: %(h16)s : ){5} %(ls32)s | - %(h16)s :: (?: %(h16)s : ){4} %(ls32)s | - (?: %(h16)s : ) %(h16)s :: (?: %(h16)s : ){3} %(ls32)s | - (?: %(h16)s : ){2} %(h16)s :: (?: %(h16)s : ){2} %(ls32)s | - (?: %(h16)s : ){3} %(h16)s :: %(h16)s : %(ls32)s | - (?: %(h16)s : ){4} %(h16)s :: %(ls32)s | - (?: %(h16)s : ){5} %(h16)s :: %(h16)s | - (?: %(h16)s : ){6} %(h16)s :: - ) -""" % locals() +# IPv6address +IPv6address = r"([A-Fa-f0-9:]+:+)+[A-Fa-f0-9]+" # IPvFuture = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" ) IPvFuture = r"v %(HEXDIG)s+ \. (?: %(unreserved)s | %(sub_delims)s | : )+" % locals() diff --git a/tests/test_uri_validate.py b/tests/test_uri_validate.py new file mode 100644 index 0000000..3489d95 --- /dev/null +++ b/tests/test_uri_validate.py @@ -0,0 +1,33 @@ +import oauthlib +from oauthlib.uri_validate import is_absolute_uri + +from tests.unittest import TestCase + + +class UriValidateTest(TestCase): + + def test_is_absolute_uri(self): + + self.assertIsNotNone(is_absolute_uri('schema://example.com/path')) + self.assertIsNotNone(is_absolute_uri('https://example.com/path')) + self.assertIsNotNone(is_absolute_uri('https://example.com')) + self.assertIsNotNone(is_absolute_uri('https://example.com:443/path')) + self.assertIsNotNone(is_absolute_uri('https://example.com:443/')) + self.assertIsNotNone(is_absolute_uri('https://example.com:443')) + self.assertIsNotNone(is_absolute_uri('http://example.com')) + self.assertIsNotNone(is_absolute_uri('http://example.com/path')) + self.assertIsNotNone(is_absolute_uri('http://example.com:80/path')) + self.assertIsNotNone(is_absolute_uri('com.example.bundle.id:/')) + self.assertIsNotNone(is_absolute_uri('http://[::1]:38432/path')) + self.assertIsNotNone(is_absolute_uri('http://[::1]/path')) + self.assertIsNotNone(is_absolute_uri('http://[fd01:0001::1]/path')) + self.assertIsNotNone(is_absolute_uri('http://[fd01:1::1]/path')) + self.assertIsNotNone(is_absolute_uri('http://[0123:4567:89ab:cdef:0123:4567:89ab:cdef]/path')) + self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/')) + self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/')) + self.assertIsNotNone(is_absolute_uri('http://127.1:38432/')) + + self.assertIsNone(is_absolute_uri('http://example.com:notaport/path')) + self.assertIsNone(is_absolute_uri('wrong')) + self.assertIsNone(is_absolute_uri('http://[:1]:38432/path')) + self.assertIsNone(is_absolute_uri('http://[abcd:efgh::1]/')) |