Enforce schema in Callback URIs and use full URI in abandon auth UI #62
Labels: backend, enhancement, good first issue, help wanted
Summary
Callback URIs can be set to any arbitrary value, including relative paths or just nonsense. Currently the AbandonAuth UI for developer dashboards uses a relative path for the callback URI. This should be changed to use the full URL in the specific environment. I.e. in production we should be using auth.abandontech.cloud/ui, in dev it should use localhost:{port}/ui where port is the actual port the application is being locally deployed with.

Acceptance Criteria
Callback URIs have validation either in the database, Pydantic models, or both that forces them to be in the form of a valid URI, therefore disallowing relative paths or random strings.
The AbandonAuth UI must also use the new, correct format for its own redirect to the AbandonAuth login page.