whitelist some custom url schemes for bc

2021-06-28 19:08:38 +02:00 · 2021-06-28 19:08:38 +02:00 · 25ac2e1138
parent d51f39fe84
commit 25ac2e1138
2 changed files with 22 additions and 3 deletions
--- a/modules/oauth/src/main/LegacyClientApi.scala
+++ b/modules/oauth/src/main/LegacyClientApi.scala
@ -30,6 +30,8 @@ object LegacyClientApi {
    override def toString                 = "ClientSecret(***)"
  }

-  case object MismatchingClientSecret extends Protocol.Error.InvalidGrant("fix mismatching client secret (or update to pkce)")
-  case object ClientSecretRequired extends Protocol.Error.InvalidRequest("client_secret required (or update to pkce)")
+  case object MismatchingClientSecret
+      extends Protocol.Error.InvalidGrant("fix mismatching client secret (or update to pkce)")
+  case object ClientSecretRequired
+      extends Protocol.Error.InvalidRequest("client_secret required (or update to pkce)")
 }
--- a/modules/oauth/src/main/Protocol.scala
+++ b/modules/oauth/src/main/Protocol.scala
@ -90,7 +90,24 @@ object Protocol {
        .parseOption(redirectUri)
        .toValid(Error.RedirectUriInvalid)
        .ensure(Error.RedirectSchemeNotAllowed)(url =>
-          List("http", "https", "ionic", "capacitor").has(url.scheme)
+          List(
+            // standard
+            "http",
+            "https",
+            "ionic",
+            "capacitor",
+            // bc
+            "squareoffapp",
+            "anichess",
+            "lichessmac",
+            "chessrtx",
+            "chesscomopse",
+            // whitelist (consider automating)
+            "no.rieck.chess.dgt",
+            "net.developerfluid.darkknight",
+            "com.guykn.chessboard3",
+            "com.georgdotorg.catur"
+          ).has(url.scheme)
        )
        .map(RedirectUri.apply)