fix(sso): login with custom startUrl not allowed #6368
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Problem: A user reported that a non-standard start url is technically valid. This is because it can redirect to the underlying valid start url that matches the pattern: https://xxxxxxxx.awsapps.com/start Solution: Allow any URL, but warn users if they are using a non-standard one. We will show a yellow warning message in this case. The red error message is still shown when the input does not match a URL in general. Signed-off-by: nkomonen-amazon <[email protected]>
Signed-off-by: nkomonen-amazon <[email protected]>
nkomonen-amazon
changed the title
justinmk3
reviewed
Jan 14, 2025
justinmk3
reviewed
Jan 14, 2025
| @@ -58,3 +58,15 @@ export function toUri(path: string | vscode.Uri): vscode.Uri { | |||
| } | |||
| return vscode.Uri.file(path) | |||
| } | |||
|
|
|||
| export function isValidUrl(string: string): boolean { | |||
There was a problem hiding this comment.
is vscode.Uri.parse useful here? docstring may want to mention why not
There was a problem hiding this comment.
That would add additional LOC since we'd have to check every part manually. Also there may be nuances with a valid URL that we could miss
justinmk3
approved these changes
Jan 14, 2025
Signed-off-by: nkomonen-amazon <[email protected]>
Signed-off-by: nkomonen-amazon <[email protected]>
jpinkney-aws
approved these changes
Jan 15, 2025
karanA-aws
pushed a commit
to karanA-aws/aws-toolkit-vscode
that referenced
this pull request
Jan 17, 2025
## Problem: A user reported that a non-standard start url is technically valid. This is because it can redirect to the underlying valid start url that matches the pattern: https://xxxxxxxx.awsapps.com/start ## Solution: Allow any URL, but warn users if they are using a non-standard one. We will show a yellow warning message in this case. The red error message is still shown when the input does not match a URL in general. ## Examples ### Invalid URL <img width="315" alt="Screenshot 2025-01-14 at 4 33 58 PM" src="https://github.com/user-attachments/assets/a5b2cb8a-c4fc-4678-a711-2f3f00bbe084" /> ### Possibly valid since it may redirect to a valid URL <img width="302" alt="Screenshot 2025-01-14 at 4 34 13 PM" src="https://github.com/user-attachments/assets/0690f818-f4ba-4eae-b037-f856f5a2b2a0" /> ### Missing the trailing `/start` <img width="295" alt="Screenshot 2025-01-14 at 4 34 29 PM" src="https://github.com/user-attachments/assets/8bcf3a4b-eba3-4bd8-8c68-24b709ee854d" /> ### URL that also matches expected pattern <img width="286" alt="Screenshot 2025-01-14 at 4 34 35 PM" src="https://github.com/user-attachments/assets/eea2f2cb-6500-469c-9836-96ffc9cb5794" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Signed-off-by: nkomonen-amazon <[email protected]>
kevluu-aws
pushed a commit
to kevluu-aws/aws-toolkit-vscode
that referenced
this pull request
Jan 23, 2025
## Problem: A user reported that a non-standard start url is technically valid. This is because it can redirect to the underlying valid start url that matches the pattern: https://xxxxxxxx.awsapps.com/start ## Solution: Allow any URL, but warn users if they are using a non-standard one. We will show a yellow warning message in this case. The red error message is still shown when the input does not match a URL in general. ## Examples ### Invalid URL <img width="315" alt="Screenshot 2025-01-14 at 4 33 58 PM" src="https://github.com/user-attachments/assets/a5b2cb8a-c4fc-4678-a711-2f3f00bbe084" /> ### Possibly valid since it may redirect to a valid URL <img width="302" alt="Screenshot 2025-01-14 at 4 34 13 PM" src="https://github.com/user-attachments/assets/0690f818-f4ba-4eae-b037-f856f5a2b2a0" /> ### Missing the trailing `/start` <img width="295" alt="Screenshot 2025-01-14 at 4 34 29 PM" src="https://github.com/user-attachments/assets/8bcf3a4b-eba3-4bd8-8c68-24b709ee854d" /> ### URL that also matches expected pattern <img width="286" alt="Screenshot 2025-01-14 at 4 34 35 PM" src="https://github.com/user-attachments/assets/eea2f2cb-6500-469c-9836-96ffc9cb5794" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Signed-off-by: nkomonen-amazon <[email protected]>
s7ab059789
pushed a commit
to s7ab059789/aws-toolkit-vscode
that referenced
this pull request
Feb 19, 2025
## Problem: A user reported that a non-standard start url is technically valid. This is because it can redirect to the underlying valid start url that matches the pattern: https://xxxxxxxx.awsapps.com/start ## Solution: Allow any URL, but warn users if they are using a non-standard one. We will show a yellow warning message in this case. The red error message is still shown when the input does not match a URL in general. ## Examples ### Invalid URL <img width="315" alt="Screenshot 2025-01-14 at 4 33 58 PM" src="https://github.com/user-attachments/assets/a5b2cb8a-c4fc-4678-a711-2f3f00bbe084" /> ### Possibly valid since it may redirect to a valid URL <img width="302" alt="Screenshot 2025-01-14 at 4 34 13 PM" src="https://github.com/user-attachments/assets/0690f818-f4ba-4eae-b037-f856f5a2b2a0" /> ### Missing the trailing `/start` <img width="295" alt="Screenshot 2025-01-14 at 4 34 29 PM" src="https://github.com/user-attachments/assets/8bcf3a4b-eba3-4bd8-8c68-24b709ee854d" /> ### URL that also matches expected pattern <img width="286" alt="Screenshot 2025-01-14 at 4 34 35 PM" src="https://github.com/user-attachments/assets/eea2f2cb-6500-469c-9836-96ffc9cb5794" /> --- - Treat all work as PUBLIC. Private `feature/x` branches will not be squash-merged at release time. - Your code changes must meet the guidelines in [CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines). - License: I confirm that my contribution is made under the terms of the Apache 2.0 license. --------- Signed-off-by: nkomonen-amazon <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem:
A user reported that a non-standard start url is technically
valid. This is because it can redirect to the underlying valid
start url that matches the pattern: https://xxxxxxxx.awsapps.com/start
#6341
Solution:
Allow any URL, but warn users if they are using a non-standard one.
We will show a yellow warning message in this case.
The red error message is still shown when the input does not match a
URL in general.
Examples
Invalid URL
Possibly valid since it may redirect to a valid URL
Missing the trailing
/startURL that also matches expected pattern
feature/xbranches will not be squash-merged at release time.