fix: revert sanitize redirect URL #1974

Reverting this until we come up with a backwards compatible
solution.

Author: Chris Stockton

internal/utilities/request.go

@@ -92,13 +92,9 @@ func IsRedirectURLValid(config *conf.GlobalConfiguration, redirectURL string) bo
 		return true
 	}
 
-	// Clean up the referrer URL to avoid pattern matching an invalid URL
-	refurl.Fragment = ""
-	refurl.RawQuery = ""
-
 	// For case when user came from mobile app or other permitted resource - redirect back
 	for _, pattern := range config.URIAllowListMap {
-		if pattern.Match(refurl.String()) {
+		if pattern.Match(redirectURL) {
 			return true
 		}
 	}

internal/utilities/request_test.go

@@ -91,7 +91,7 @@ func TestGetIPAddress(t *tst.T) {
 func TestGetReferrer(t *tst.T) {
 	config := conf.GlobalConfiguration{
 		SiteURL:      "https://example.com",
-		URIAllowList: []string{"http://localhost:8000/*", "http://*.localhost:8000/*"},
+		URIAllowList: []string{"http://localhost:8000/*"},
 		JWT: conf.JWTConfiguration{
 			Secret: "testsecret",
 		},
@@ -122,16 +122,6 @@ func TestGetReferrer(t *tst.T) {
 			redirectURL: "http://localhost:8000/path/to/page",
 			expected:    config.SiteURL,
 		},
-		{
-			desc:        "* respects parameters",
-			redirectURL: "http://localhost:8000/path?param=1",
-			expected:    "http://localhost:8000/path?param=1",
-		},
-		{
-			desc:        "invalid redirect url via query smurfing",
-			redirectURL: "http://123?.localhost:8000/path",
-			expected:    config.SiteURL,
-		},
 	}
 
 	for _, c := range cases {