From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: Christoph Heiss <c.heiss@proxmox.com>
Cc: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] applied: [PATCH pmg-api 1/2] auth: oidc: fix pattern for `client-id` and `client-key`
Date: Thu, 26 Jun 2025 12:46:32 +0200 [thread overview]
Message-ID: <20250626124632.37dbc9f1@rosa.proxmox.com> (raw)
In-Reply-To: <20250318135919.888083-2-c.heiss@proxmox.com>
applied this one after skimming through the RFC - thanks for the patch!
On Tue, 18 Mar 2025 14:59:17 +0100
Christoph Heiss <c.heiss@proxmox.com> wrote:
> Fixes #6214 [0].
>
> As per RFC 6749 Appendix A [1], `client-id` and `client-key` can contain
> any printable ascii character, i.e. anything in the (inclusive) range
> 0x20-0x7E.
>
> Reflect that in the pattern.
>
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=6214
> [1] https://www.rfc-editor.org/rfc/rfc6749#appendix-A
>
> Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> ---
> src/PMG/Auth/OIDC.pm | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/src/PMG/Auth/OIDC.pm b/src/PMG/Auth/OIDC.pm
> index b2b1a05..5f797d1 100755
> --- a/src/PMG/Auth/OIDC.pm
> +++ b/src/PMG/Auth/OIDC.pm
> @@ -61,18 +61,22 @@ sub properties {
> maxLength => 256,
> pattern => qr/^(https?):\/\/([a-zA-Z0-9.-]+)(:[0-9]{1,5})?(\/[^\s]*)?$/,
> },
> + # See RFC 6749, Appendix A for the allowed pattern for `client-id` and
> + # `client-key`.
> + # https://www.rfc-editor.org/rfc/rfc6749#appendix-A
> + # tl;dr: anything ASCII in the (inclusive) range 0x20-0x7E
> 'client-id' => {
> description => "OpenID Connect Client ID",
> type => 'string',
> maxLength => 256,
> - pattern => qr/^[a-zA-Z0-9._:-]+$/,
> + pattern => qr/^[\x20-\x7E]+$/,
> },
> 'client-key' => {
> description => "OpenID Connect Client Key",
> type => 'string',
> optional => 1,
> maxLength => 256,
> - pattern => qr/^[a-zA-Z0-9._:-]+$/,
> + pattern => qr/^[\x20-\x7E]+$/,
> },
> autocreate => {
> description => "Automatically create users if they do not exist.",
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
next prev parent reply other threads:[~2025-06-26 10:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-18 13:59 [pmg-devel] [PATCH pmg-api/pwt 0/2] fix #6214: improve OIDC field validation Christoph Heiss
2025-03-18 13:59 ` [pmg-devel] [PATCH pmg-api 1/2] auth: oidc: fix pattern for `client-id` and `client-key` Christoph Heiss
2025-06-26 10:46 ` Stoiko Ivanov [this message]
2025-03-18 13:59 ` [pmg-devel] [PATCH widget-toolkit 2/2] window: AuthEditOpenId: add validation for required fields Christoph Heiss
2025-06-26 10:47 ` Stoiko Ivanov
2025-05-16 10:13 ` [pmg-devel] [PATCH pmg-api/pwt 0/2] fix #6214: improve OIDC field validation Christoph Heiss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250626124632.37dbc9f1@rosa.proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=c.heiss@proxmox.com \
--cc=pmg-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox