From c6e4d8821efb5ea9f6b25e7846d05146ae14f77b Mon Sep 17 00:00:00 2001
From: ildyria
Date: Mon, 21 Aug 2023 23:23:29 +0200
Subject: [PATCH 1/6] add error thrown if APP_URL does not match current url

---
 app/Actions/Diagnostics/Errors.php | 2 ++
 .../Pipes/Checks/AppUrlMatchCheck.php | 21 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php

diff --git a/app/Actions/Diagnostics/Errors.php b/app/Actions/Diagnostics/Errors.php
index 9d94185ef90..b54186dc43a 100644
--- a/app/Actions/Diagnostics/Errors.php
+++ b/app/Actions/Diagnostics/Errors.php
@@ -3,6 +3,7 @@
 namespace App\Actions\Diagnostics;
 
 use App\Actions\Diagnostics\Pipes\Checks\AdminUserExistsCheck;
+use App\Actions\Diagnostics\Pipes\Checks\AppUrlMatchCheck;
 use App\Actions\Diagnostics\Pipes\Checks\BasicPermissionCheck;
 use App\Actions\Diagnostics\Pipes\Checks\ConfigSanityCheck;
 use App\Actions\Diagnostics\Pipes\Checks\DBIntegrityCheck;
@@ -32,6 +33,7 @@ class Errors
 GDSupportCheck::class,
 ImageOptCheck::class,
 IniSettingsCheck::class,
+ AppUrlMatchCheck::class,
 MigrationCheck::class,
 PHPVersionCheck::class,
 TimezoneCheck::class,
diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
new file mode 100644
index 00000000000..9dee20abd0b
--- /dev/null
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
@@ -0,0 +1,21 @@
+httpHost())
+ {
+ $data[] = 'Error: APP_URL does not match the current url. This will break U2F authentication. Please update APP_URL to reflect this change.';
+ }
+
+ return $next($data);
+ }
+}
\ No newline at end of file

From 3c37b95ca9ad4149ef962f5068055c20f6319272 Mon Sep 17 00:00:00 2001
From: ildyria
Date: Mon, 21 Aug 2023 23:24:56 +0200
Subject: [PATCH 2/6] formatting

---
 app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
index 9dee20abd0b..3cbd88f91e9 100644
--- a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
@@ -11,9 +11,8 @@ class AppUrlMatchCheck implements DiagnosticPipe
 */
 public function handle(array &$data, \Closure $next): array
 {
- if (config('app.url') !== request()->httpHost())
- {
- $data[] = 'Error: APP_URL does not match the current url. This will break U2F authentication. Please update APP_URL to reflect this change.';
+ if (config('app.url') !== request()->httpHost()) {
+ $data[] = 'Error: APP_URL does not match the current url. This will break U2F authentication. Please update APP_URL to reflect this change.';
 }
 
 return $next($data);

From 4fc3c7f6a465a724a8a42a9375c79e2851e48119 Mon Sep 17 00:00:00 2001
From: ildyria
Date: Mon, 21 Aug 2023 23:27:12 +0200
Subject: [PATCH 3/6] formatting + better check

---
 app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
index 3cbd88f91e9..7c5104e0534 100644
--- a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
@@ -11,7 +11,8 @@ class AppUrlMatchCheck implements DiagnosticPipe
 */
 public function handle(array &$data, \Closure $next): array
 {
- if (config('app.url') !== request()->httpHost()) {
+ if (config('app.url') !== request()->httpHost() &&
+ config('app.url') !== request()->schemeAndHttpHost()) {
 $data[] = 'Error: APP_URL does not match the current url. This will break U2F authentication. Please update APP_URL to reflect this change.';
 }
 

From 8320d168436cf830789994205b55b2e3aa7ce5e6 Mon Sep 17 00:00:00 2001
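Review bot: In the [PATCH 3/6] hunk, both `request()->httpHost()` and `request()->schemeAndHttpHost()` are built from the headers of the current request, so the result describes how this one request arrived rather than how the site is deployed. Behind a TLS-terminating reverse proxy whose forwarded headers are not trusted, `schemeAndHttpHost()` would presumably report `http://` plus the internal host, and a correctly configured APP_URL would then be flagged as an error. A short comment above the condition, such as `// Diagnostic only: APP_URL stays the source of truth for the WebAuthn origin; the request host is compared, never adopted.`, would record that intent, and the message could mention trusted-proxy configuration as a possible cause. The body of `handle()` continues past the end of this hunk.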
From: ildyria
Date: Tue, 22 Aug 2023 10:22:11 +0200
Subject: [PATCH 4/6] fix warning

---
 .../Diagnostics/Pipes/Checks/AppUrlMatchCheck.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
index 7c5104e0534..6a58f260121 100644
--- a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
@@ -11,11 +11,14 @@ class AppUrlMatchCheck implements DiagnosticPipe
 */
 public function handle(array &$data, \Closure $next): array
 {
- if (config('app.url') !== request()->httpHost() &&
- config('app.url') !== request()->schemeAndHttpHost()) {
- $data[] = 'Error: APP_URL does not match the current url. This will break U2F authentication. Please update APP_URL to reflect this change.';
+ $config_url = config('app.url');
+ // http:// is 7 characters.
+ if (strpos($config_url, '/', 8) !== false) {
+ $data[] = 'Warning: APP_URL contains a sub-path. This may impact your WebAuthn authentication.';
+ } else if ($config_url !== request()->httpHost() && $config_url !== request()->schemeAndHttpHost()) {
+ $data[] = 'Error: APP_URL does not match the current url. This will break WebAuthn authentication. Please update APP_URL to reflect this change.';
 }
 
 return $next($data);
 }
-}
\ No newline at end of file
+}

From 1149192d0999371cc060200905e43296785af482 Mon Sep 17 00:00:00 2001
From: ildyria
Date: Tue, 22 Aug 2023 10:26:23 +0200
Subject: [PATCH 5/6] WRTC

---
 app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
index 6a58f260121..f5cc4b0616f 100644
--- a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
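Review bot: `strpos($config_url, '/', 8)` in the [PATCH 4/6] hunk throws a ValueError on PHP 8 when APP_URL is shorter than eight bytes (an empty value, for instance), which would abort the diagnostics run instead of reporting the misconfiguration. A bare trailing slash such as `https://example.com/` is also reported as a sub-path. Parsing the URL avoids both: `$path = parse_url((string) $config_url, PHP_URL_PATH);` followed by `if (is_string($path) && $path !== '' && $path !== '/') {`. Because the host comparison sits in the `else if` branch, an APP_URL that has a sub-path and also names the wrong host only produces the softer warning, so the WebAuthn-breaking mismatch goes unreported; two independent `if` statements would surface both.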
@@ -15,7 +15,7 @@ public function handle(array &$data, \Closure $next): array
 // http:// is 7 characters.
 if (strpos($config_url, '/', 8) !== false) {
 $data[] = 'Warning: APP_URL contains a sub-path. This may impact your WebAuthn authentication.';
- } else if ($config_url !== request()->httpHost() && $config_url !== request()->schemeAndHttpHost()) {
+ } elseif ($config_url !== request()->httpHost() && $config_url !== request()->schemeAndHttpHost()) {
 $data[] = 'Error: APP_URL does not match the current url. This will break WebAuthn authentication. Please update APP_URL to reflect this change.';
 }
 

From c4c07dfa84ba9b74909491bbbafa6f626dee4c12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20Viguier?=
Date: Tue, 22 Aug 2023 12:40:03 +0200
Subject: [PATCH 6/6] Update app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php

Co-authored-by: Martin Stone <1611702+d7415@users.noreply.github.com>
---
 app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
index f5cc4b0616f..a3b02a41c52 100644
--- a/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
+++ b/app/Actions/Diagnostics/Pipes/Checks/AppUrlMatchCheck.php
@@ -12,7 +12,7 @@ class AppUrlMatchCheck implements DiagnosticPipe
 public function handle(array &$data, \Closure $next): array
 {
 $config_url = config('app.url');
- // http:// is 7 characters.
+ // https:// is 8 characters.
 if (strpos($config_url, '/', 8) !== false) {
 $data[] = 'Warning: APP_URL contains a sub-path. This may impact your WebAuthn authentication.';
 } elseif ($config_url !== request()->httpHost() && $config_url !== request()->schemeAndHttpHost()) {