From f43821a33da5f24d0a4266c3e4a6e64a0267c9f2 Mon Sep 17 00:00:00 2001 From: Danielss89 Date: Mon, 14 Jul 2014 14:21:30 +0200 Subject: [PATCH] Add whiteliste functionality --- README.md | 8 ++++- ...> e4w.zfcuser.redirecturl.global.php.dist} | 0 config/module.config.php | 4 +-- .../Controller/RedirectCallback.php | 36 +++++++++++++++++-- .../Controller/RedirectCallableFactory.php | 4 +-- .../Factory/Options/ModuleOptionsFactory.php | 24 +++++++++++++ .../RedirectUrl/Options/ModuleOptions.php | 36 +++++++++++++++---- 7 files changed, 97 insertions(+), 15 deletions(-) rename config/{e4w.zfcuser.redirecturl.config.php.dist.php => e4w.zfcuser.redirecturl.global.php.dist} (100%) create mode 100644 src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php diff --git a/README.md b/README.md index c2d9492..adbd4da 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,9 @@ E4WZfcUserRedirectUrl Introduction ------------ +This module changes the redirect behavior of ZfcUser to use url's instead of routes. +The redirect URL is matched against a whitelist. +Localhost and current domain are whitelisted by default. Installation ------------ @@ -22,7 +25,7 @@ Installation $ php composer.phar update ``` -3. Enable it in your `application.config.php`file. +3. Enable it in your `application.config.php` file. ```php array( 'factories' => array( 'zfcuser_redirect_callback' => 'E4W\ZfcUser\RedirectUrl\Factory\Controller\RedirectCallableFactory', - ), - 'aliases' => array( - //'zfcuser_redirect_callback' => 'E4W\ZfcUser\RedirectUrl\Controller\RedirectCallable' + 'E4W\ZfcUser\RedirectUrl\ModuleOptions' => 'E4W\ZfcUser\RedirectUrl\Factory\Options\ModuleOptionsFactory' ), ), ); diff --git a/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php b/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php index 85878d4..ae2872b 100644 --- a/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php +++ b/src/E4W/ZfcUser/RedirectUrl/Controller/RedirectCallback.php 
@@ -23,6 +23,7 @@ use Zend\Mvc\Router\Exception;
 use Zend\Http\PhpEnvironment\Response;
 use ZfcUser\Options\ModuleOptions as ZfcUserOptions;
+use E4W\ZfcUser\RedirectUrl\Options\ModuleOptions;
 /**
 * Buils a redirect response based on the current routing and parameters
@@ -47,11 +48,11 @@ class RedirectCallback
 * @param RouteInterface $router
 * @param ModuleOptions $options
 */
- public function __construct(Application $application, RouteInterface $router, ZfcUserOptions $zfcUserOptions)
+ public function __construct(Application $application, RouteInterface $router, ZfcUserOptions $zfcUserOptions, ModuleOptions $options)
 {
 $this->router = $router;
 $this->application = $application;
- //$this->options = $options;
+ $this->options = $options;
 $this->zfcUserOptions = $zfcUserOptions;
 }
@@ -90,9 +91,38 @@ private function getRedirectUrlFromRequest()
 return false;
 }
+ /**
+ * Checks if a $url is in whitelist
+ * / and localhost are always allowed
+ *
+ * partly snatched from https://gist.github.com/mjangda/1623788
+ *
+ * @param $url
+ * @return bool
+ */
 private function urlWhitelisted($url)
 {
- return true;
+ $always_allowed = array('localhost');
+ $whitelisted_domains = array_merge($this->options->getWhitelist(), $always_allowed);
+
+ // Add http if missing(to satisfy parse_url())
+ if (strpos($url, "/") !== 0 && strpos($url, "http") !== 0) {
+ $url = 'http://' . $url;
+ }
+ $domain = parse_url($url, PHP_URL_HOST);
+
+ if (strpos($url, "/") === 0 || in_array($domain, $whitelisted_domains)) {
+ return true;
+ }
+
+ foreach ($whitelisted_domains as $whitelisted_domain) {
+ $whitelisted_domain = '.' . $whitelisted_domain;
+ if (strpos($domain, $whitelisted_domain) === (strlen($domain) - strlen($whitelisted_domain))) {
+ return true;
+ }
+ }
+
+ return false;
 }
 /**
diff --git a/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php b/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php
index cfbc0aa..1814f7b 100644
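Review bot: The relative-path shortcut `strpos($url, "/") === 0` in the new urlWhitelisted body also accepts protocol-relative targets such as `//other-host/path` (and the `/\other-host` spelling that browsers treat the same way), so those redirect off-site without ever reaching the host whitelist. Compute the flag once, `$relative = strpos($url, "/") === 0 && !in_array(substr($url, 1, 1), array('/', '\\'), true);`, and use `$relative` in place of both `strpos($url, "/") === 0` checks (the one guarding the `http://` prefix and the one in the allow condition). The exact-match `in_array($domain, $whitelisted_domains)` should pass `true` as its third argument, and lower-casing `$domain` and the whitelist entries before comparison would stop a host that differs only in case from being rejected. The README in this commit says the current domain is whitelisted by default, but this hunk only puts `localhost` in `$always_allowed`; if that default is meant to come from ModuleOptions it is not visible in this patch.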
--- a/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php
+++ b/src/E4W/ZfcUser/RedirectUrl/Factory/Controller/RedirectCallableFactory.php
@@ -21,8 +21,8 @@ public function createService(ServiceLocatorInterface $serviceLocator)
 $zfcUserOtions = $serviceLocator->get('zfcuser_module_options');
 /* @var \E4W\ZfcUser\RedirectUrl\Options\ModuleOptions $options */
- //$options = $serviceLocator->get('E4W\ZfcUser\RedirectUrl\ModuleOptions');
+ $options = $serviceLocator->get('E4W\ZfcUser\RedirectUrl\ModuleOptions');
- return new RedirectCallback($application, $router, $zfcUserOtions);
+ return new RedirectCallback($application, $router, $zfcUserOtions, $options);
 }
 }
diff --git a/src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php b/src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php
new file mode 100644
index 0000000..573cdf8
--- /dev/null
+++ b/src/E4W/ZfcUser/RedirectUrl/Factory/Options/ModuleOptionsFactory.php
@@ -0,0 +1,24 @@
+get('Config');
+
+ $service = new ModuleOptions($config['e4wzfcuserredirecturl']);
+ return $service;
+ }
+}
diff --git a/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php b/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php
index 33be904..862d526 100644
--- a/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php
+++ b/src/E4W/ZfcUser/RedirectUrl/Options/ModuleOptions.php
@@ -1,7 +1,31 @@ whitelist = $whitelist;
+ }
+
+ /**
+ * @return array
+ */
+ public function getWhitelist()
+ {
+ return $this->whitelist;
+ }
+
+}
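Review bot: `new ModuleOptions($config['e4wzfcuserredirecturl'])` in the new ModuleOptionsFactory reads the key without checking that it exists; the config template is renamed to a `.global.php.dist` file in this commit, so unless module.config.php (only partly legible here) ships that key, an application that has not copied the dist file gets an undefined-index notice and a null handed to ModuleOptions. Fall back to an empty array: `$service = new ModuleOptions(isset($config['e4wzfcuserredirecturl']) ? $config['e4wzfcuserredirecturl'] : array());`. The same concern carries into the ModuleOptions hunk that follows: its `getWhitelist()` result is passed straight to `array_merge()` by RedirectCallback, so the whitelist property needs an array default, which cannot be confirmed because the property declaration is garbled in this extract. The opening lines of ModuleOptionsFactory, including the class and method signatures, are also garbled, so the rest of createService could not be checked.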