authorizer/server/utils/validator.go

package utils

import (
	"net/mail"
	"regexp"
	"strings"

	"github.com/authorizerdev/authorizer/server/constants"
	"github.com/authorizerdev/authorizer/server/envstore"
)

// IsValidEmail validates email
func IsValidEmail(email string) bool {
	_, err := mail.ParseAddress(email)
	return err == nil
}

// IsValidOrigin validates origin based on ALLOWED_ORIGINS
func IsValidOrigin(url string) bool {
	allowedOrigins := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)
	if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {
		return true
	}

	hasValidURL := false
	hostName, port := GetHostParts(url)
	currentOrigin := hostName + ":" + port

	for _, origin := range allowedOrigins {
		replacedString := origin
		// if has regex whitelisted domains
		if strings.Contains(origin, "*") {
			replacedString = strings.Replace(origin, ".", "\\.", -1)
			replacedString = strings.Replace(replacedString, "*", ".*", -1)

			if strings.HasPrefix(replacedString, ".*") {
				replacedString += "\\b"
			}

			if strings.HasSuffix(replacedString, ".*") {
				replacedString = "\\b" + replacedString
			}
		}

		if matched, _ := regexp.MatchString(replacedString, currentOrigin); matched {
			hasValidURL = true
			break
		}
	}

	return hasValidURL
}

// IsValidRoles validates roles
func IsValidRoles(userRoles []string, roles []string) bool {
	valid := true
	for _, role := range roles {
		if !StringSliceContains(userRoles, role) {
			valid = false
			break
		}
	}

	return valid
}

// IsValidVerificationIdentifier validates verification identifier that is used to identify
// the type of verification request
func IsValidVerificationIdentifier(identifier string) bool {
	if identifier != constants.VerificationTypeBasicAuthSignup && identifier != constants.VerificationTypeForgotPassword && identifier != constants.VerificationTypeUpdateEmail {
		return false
	}
	return true
}

// IsStringArrayEqual validates if string array are equal.
// This does check if the order is same
func IsStringArrayEqual(a, b []string) bool {
	if len(a) != len(b) {
		return false
	}
	for i, v := range a {
		if v != b[i] {
			return false
		}
	}
	return true
}

// ValidatePassword to validate the password against the following policy
// min char length: 6
// max char length: 36
// at least one upper case letter
// at least one lower case letter
// at least one digit
// at least one special character
func IsValidPassword(password string) bool {
	if len(password) < 6 || len(password) > 36 {
		return false
	}

	hasUpperCase := false
	hasLowerCase := false
	hasDigit := false
	hasSpecialChar := false

	for _, char := range password {
		if char >= 'A' && char <= 'Z' {
			hasUpperCase = true
		} else if char >= 'a' && char <= 'z' {
			hasLowerCase = true
		} else if char >= '0' && char <= '9' {
			hasDigit = true
		} else {
			hasSpecialChar = true
		}
	}

	return hasUpperCase && hasLowerCase && hasDigit && hasSpecialChar
}
add signup resolver 2021-07-12 18:22:16 +00:00			`package utils`

feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`import (`
			`"net/mail"`
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`"regexp"`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`"strings"`

			`"github.com/authorizerdev/authorizer/server/constants"`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`"github.com/authorizerdev/authorizer/server/envstore"`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`)`
add signup resolver 2021-07-12 18:22:16 +00:00
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// IsValidEmail validates email`
add signup resolver 2021-07-12 18:22:16 +00:00			`func IsValidEmail(email string) bool {`
			`_, err := mail.ParseAddress(email)`
			`return err == nil`
			`}`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// IsValidOrigin validates origin based on ALLOWED_ORIGINS`
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`func IsValidOrigin(url string) bool {`
fix: tests 2022-02-28 02:25:01 +00:00			`allowedOrigins := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`return true`
			`}`

			`hasValidURL := false`
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`hostName, port := GetHostParts(url)`
			`currentOrigin := hostName + ":" + port`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`for _, origin := range allowedOrigins {`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`replacedString := origin`
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`// if has regex whitelisted domains`
fix: rename config -> env and handle env interface better 2022-01-20 11:22:37 +00:00			`if strings.Contains(origin, "*") {`
			`replacedString = strings.Replace(origin, ".", "\\.", -1)`
fix: add valid origin check for cors (#83) Resolves #72 2021-12-21 13:16:54 +00:00			`replacedString = strings.Replace(replacedString, "", ".", -1)`

			`if strings.HasPrefix(replacedString, ".*") {`
			`replacedString += "\\b"`
			`}`

			`if strings.HasSuffix(replacedString, ".*") {`
			`replacedString = "\\b" + replacedString`
			`}`
			`}`

			`if matched, _ := regexp.MatchString(replacedString, currentOrigin); matched {`
feat: login wall (#42) * feat: add login-wall app * fix: rename vars * fix: rename vars * update docker file * add validations for app state * add host check for app * fix: docker file 2021-08-04 06:48:57 +00:00			`hasValidURL = true`
			`break`
			`}`
			`}`

			`return hasValidURL`
			`}`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// IsValidRoles validates roles`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`func IsValidRoles(userRoles []string, roles []string) bool {`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`valid := true`
feat: use multi roles login (#60) * feat: use multi roles login - add support for protected roles - refactor oauth code * fix: adminUpdate role validation * fix: update app 2021-10-13 16:41:41 +00:00			`for _, role := range roles {`
fix: multi role with oauth (#61) 2021-10-19 07:27:59 +00:00			`if !StringSliceContains(userRoles, role) {`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`valid = false`
			`break`
			`}`
			`}`

			`return valid`
			`}`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// IsValidVerificationIdentifier validates verification identifier that is used to identify`
			`// the type of verification request`
feat: add integration tests for signup, login, reset_password, forgot_password, verify_email 2021-12-23 05:01:52 +00:00			`func IsValidVerificationIdentifier(identifier string) bool {`
Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`if identifier != constants.VerificationTypeBasicAuthSignup && identifier != constants.VerificationTypeForgotPassword && identifier != constants.VerificationTypeUpdateEmail {`
feat: add integration tests for signup, login, reset_password, forgot_password, verify_email 2021-12-23 05:01:52 +00:00			`return false`
			`}`
			`return true`
			`}`

Feat/dashboard (#105) 2022-01-17 06:02:13 +00:00			`// IsStringArrayEqual validates if string array are equal.`
			`// This does check if the order is same`
feat/role based access (#50) * feat: add roles based access * feat: update roles env + todo * feat: add roles to update profile * feat: add role based oauth * feat: validate role for a given token 2021-09-20 05:06:26 +00:00			`func IsStringArrayEqual(a, b []string) bool {`
			`if len(a) != len(b) {`
			`return false`
			`}`
			`for i, v := range a {`
			`if v != b[i] {`
			`return false`
			`}`
			`}`
			`return true`
			`}`
feat: add validation for strong password 2022-03-17 10:05:07 +00:00
			`// ValidatePassword to validate the password against the following policy`
			`// min char length: 6`
			`// max char length: 36`
			`// at least one upper case letter`
			`// at least one lower case letter`
			`// at least one digit`
			`// at least one special character`
			`func IsValidPassword(password string) bool {`
			`if len(password) < 6 \|\| len(password) > 36 {`
			`return false`
			`}`

			`hasUpperCase := false`
			`hasLowerCase := false`
			`hasDigit := false`
			`hasSpecialChar := false`

			`for _, char := range password {`
			`if char >= 'A' && char <= 'Z' {`
			`hasUpperCase = true`
			`} else if char >= 'a' && char <= 'z' {`
			`hasLowerCase = true`
			`} else if char >= '0' && char <= '9' {`
			`hasDigit = true`
			`} else {`
			`hasSpecialChar = true`
			`}`
			`}`

			`return hasUpperCase && hasLowerCase && hasDigit && hasSpecialChar`
			`}`