From 8983ed91560b45faa2025ac294960727f5820ade Mon Sep 17 00:00:00 2001
From: Alex Tugarev
Date: Wed, 14 Apr 2021 13:57:49 +0000
Subject: [PATCH] [server] add host check

---
 components/server/src/auth/generic-auth-provider.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/components/server/src/auth/generic-auth-provider.ts b/components/server/src/auth/generic-auth-provider.ts
index b62227fddb3b74..9e8574f049a280 100644
--- a/components/server/src/auth/generic-auth-provider.ts
+++ b/components/server/src/auth/generic-auth-provider.ts
@@ -286,6 +286,14 @@ export class GenericAuthProvider implements AuthProvider {
 return;
 }
 
+ if (authFlow.host !== this.host) {
+ increaseLoginCounter("failed", this.host);
+
+ log.error(cxt, `(${strategyName}) Host does not match.`, { request, clientInfo });
+ response.redirect(this.getSorryUrl(`Host does not match.`));
+ return;
+ }
+
 const defaultLogPayload = { authFlow, clientInfo, authProviderId, request };
 
 // check OAuth2 errors
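Review bot: The new `log.error` call in the host-mismatch branch records `{ request, clientInfo }` but neither of the two values that were compared, so the log entry cannot show which provider's flow reached this callback. Passing `{ flowHost: authFlow.host, providerHost: this.host, clientInfo }` instead would make a mismatch triageable, and it avoids logging the whole callback request, whose URL normally carries the OAuth `code` and `state` (whether those reach the log depends on how the logger serializes `request`, which is not visible here; the context line building `defaultLogPayload` follows the same pattern). A one-line comment above the check, such as `// A flow must be completed by the provider host that started it.`, would record the intent, which I am inferring from the comparison. The enclosing callback method begins and ends outside the hunk, so it is not visible whether the stored auth flow is cleared from the session on this early return; that is worth confirming so a rejected flow cannot be replayed.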