end
def is_trusted
- norm(self.url_prefix) == norm(Rails.configuration.Services.Workbench1.ExternalURL) ||
- norm(self.url_prefix) == norm(Rails.configuration.Services.Workbench2.ExternalURL) ||
- super
+ (from_trusted_url && Rails.configuration.Login.IssueTrustedTokens) || super
end
protected
+ def from_trusted_url
+ norm_url_prefix = norm(self.url_prefix)
+
+ [Rails.configuration.Services.Workbench1.ExternalURL,
+ Rails.configuration.Services.Workbench2.ExternalURL,
+ "https://controller.api.client.invalid"].each do |url|
+ if norm_url_prefix == norm(url)
+ return true
+ end
+ end
+
+ Rails.configuration.Login.TrustedClients.keys.each do |url|
+ trusted = norm(url)
+ if norm_url_prefix == trusted
+ return true
+ end
+ if trusted.host.to_s.starts_with?("*.") &&
+ norm_url_prefix.to_s.starts_with?(trusted.scheme + "://") &&
+ norm_url_prefix.to_s.ends_with?(trusted.to_s[trusted.scheme.length + 4...])
+ return true
+ end
+ end
+
+ false
+ end
+
def norm url
# normalize URL for comparison
- url = URI(url)
- if url.scheme == "https"
- url.port == "443"
- end
- if url.scheme == "http"
- url.port == "80"
+ url = URI(url.to_s)
+ if url.scheme == "https" && url.port == ""
+ url.port = "443"
+ elsif url.scheme == "http" && url.port == ""
+ url.port = "80"
end
url.path = "/"
+ url.query = nil
+ url.fragment = nil
url
end
end
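Review bot: The wildcard branch in `from_trusted_url` decides trust by prefix/suffix comparison on the serialized URL (`norm_url_prefix.to_s.ends_with?(trusted.to_s[trusted.scheme.length + 4...])`), which is sound only because `norm` strips path, query and fragment first, and which, unlike the exact-match `==` above it, appears to be case-sensitive on the host. Comparing parsed components would keep the check independent of how the URI is serialized, e.g. `norm_url_prefix.scheme == trusted.scheme && norm_url_prefix.port == trusted.port && norm_url_prefix.host.to_s.downcase.end_with?(trusted.host[1..].downcase)`. In `norm`, `url.port == ""` looks like it can never be true, because `URI#port` returns an Integer (already defaulted to 443 or 80) or nil, so both port assignments are dead code and could be dropped. `URI(url.to_s)` raises `URI::InvalidURIError` on an unparsable value; if `url_prefix` can come from a client request (not visible here), rescuing that around the `url_prefix` parse and returning false would keep the trust check fail-closed. A short comment saying why `"https://controller.api.client.invalid"` is always treated as trusted would also help the next reader.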