diff --git a/central/src/auth/authentik/provider.rs b/central/src/auth/authentik/provider.rs
index 25041b5..e2893dd 100644
--- a/central/src/auth/authentik/provider.rs
+++ b/central/src/auth/authentik/provider.rs
@@ -39,7 +39,7 @@ pub async fn generate_provider_values(
 .iter()
 .map(|url| {
 let (matching_mode, url) = if is_regex_uri(url) {
- ("regex".to_owned(), url.to_owned())
+ ("regex".to_owned(), convert_to_regex_url(url))
 } else {
 ("strict".to_owned(), url.to_owned())
 };
@@ -215,6 +215,20 @@ pub async fn check_set_federation_id(
 }
 
 fn is_regex_uri(uri: &str) -> bool {
- let regex_chars = ['^', '$', '*'];
+ let regex_chars = ['*'];
 uri.chars().any(|c| regex_chars.contains(&c))
+}
+
+fn convert_to_regex_url(uri: &str) -> String {
+ let mut result_uri = String::from("^");
+ for ch in uri.chars() {
+ match ch {
+ '.' => result_uri.push_str(r"\."),
+ '*' => result_uri.push_str(".*"),
+ '?' => result_uri.push_str("."),
+ _ => result_uri.push(ch),
+ }
+ }
+ result_uri.push_str("$");
+ result_uri
 }
\ No newline at end of file
diff --git a/central/src/auth/authentik/test.rs b/central/src/auth/authentik/test.rs
index 2d0d73d..8ae8bea 100644
--- a/central/src/auth/authentik/test.rs
+++ b/central/src/auth/authentik/test.rs
@@ -53,7 +53,8 @@ async fn test_create_client() -> anyhow::Result<()> {
 "http://foo/bar".into(),
 "http://verbis/test".into(),
 "http://dkfz/verbis/test".into(),
- "^http://dkfz.verbis/*".into(),
+ "http://dkfz.verbis/*".into(),
+ "https://e000-nb000.inet.dkfz-heidelberg.de/opal/*".into(),
 ],
 };
 let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) =
@@ -77,7 +78,8 @@ async fn test_create_client() -> anyhow::Result<()> {
 "http://foo/bar".into(),
 "http://verbis/test".into(),
 "http://dkfz/verbis/test".into(),
- "^http://dkfz.verbis/*".into(),
+ "http://dkfz.verbis/*".into(),
+ "https://e000-nb000.inet.dkfz-heidelberg.de/opal/*".into(),
 ],
 };
 let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) =
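Review bot: Redirect URIs that were already written as regexes change meaning at this call site, and the commit does not handle them. Any entry containing `*` is now rewritten by `convert_to_regex_url`, so a value like the old fixture `^http://dkfz.verbis/*` would gain a second `^` and have its `*` widened to `.*`. An entry with `^` or `$` but no `*` is now sent as `strict`, because `is_regex_uri` (changed in the next hunk) only looks for `*`. If deployed configurations may hold such values, this needs a migration step or an explicit rejection of `^`/`$` in the input, plus a comment on the branch such as `// '*' marks a glob that is translated to an anchored regex; every other URI is matched strictly`. The body of `generate_provider_values` starts and ends outside this hunk.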
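Review bot: `convert_to_regex_url` escapes only `.`, so every other regex metacharacter in a configured redirect URI (`+`, `(`, `)`, `[`, `]`, `{`, `}`, `|`, `^`, `$`, `\`) falls through the `_` arm as live regex syntax. A `|`, for instance, splits the pattern so that `^` and `$` no longer bound the whole URI, and more redirect targets are accepted than the entry reads as. An escaping arm placed before `_` closes that gap: `'+' | '(' | ')' | '[' | ']' | '{' | '}' | '|' | '^' | '$' | '\\' => { result_uri.push('\\'); result_uri.push(ch); }`. Separately, `*` → `.*` also spans `/`, `?`, `#` and `@`, so a `*` in the host part would match foreign hosts; rejecting a `*` before the path begins, or mapping it to `[^/?#]*` where sub-paths are not needed, keeps the match narrow. `?` → `.` turns the literal query separator into a one-character wildcard, and only when the URI also contains `*`, so a `///` comment stating the supported glob syntax is worth adding.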
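Review bot: The updated fixtures only cover a trailing path wildcard, and nothing visible in this hunk or the identical one at `-77,7 +78,8` asserts the pattern that is actually generated. A regression in the glob-to-regex translation would therefore pass unnoticed. A small unit test next to the helper (it is private to `provider.rs`) would pin it, e.g. `assert_eq!(convert_to_regex_url("http://dkfz.verbis/*"), r"^http://dkfz\.verbis/.*$");`, with one more case for a URI containing `?` or another regex metacharacter. `test_create_client` begins and continues outside both hunks, so any assertions it makes later are not visible here.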