bugfix: domain name validation.

Updated regexp for domain validation Add testcases for domain validation fix issue: IdentityPython#950
StuBz211 · Feb 7, 2024 · 303c760 · 303c760
1 parent 3daa066
commit 303c760
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 1 deletion.
diff --git a/src/saml2/validate.py b/src/saml2/validate.py
@@ -420,6 +420,7 @@ def valid_instance(instance):
 
 
 def valid_domain_name(dns_name):
-    m = re.match(r"^[a-z0-9]+([-.]{ 1 }[a-z0-9]+).[a-z]{2,5}(:[0-9]{1,5})?(\/.)?$", dns_name, re.I)
+    m = re.match(r"^((?:[a-zA-Z](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,5})(?::\d+)?$", dns_name, re.I)
     if not m:
         raise ValueError("Not a proper domain name")
+    return True
diff --git a/tests/test_13_validate.py b/tests/test_13_validate.py
@@ -11,6 +11,7 @@
 from saml2.validate import valid_any_uri
 from saml2.validate import valid_anytype
 from saml2.validate import valid_duration
+from saml2.validate import valid_domain_name
 from saml2.validate import valid_instance
 from saml2.validate import valid_non_negative_integer
 from saml2.validate import valid_string
@@ -146,3 +147,61 @@ def test_valid_address():
         assert valid_address("[2001:8003:5555:9999:555a:5555:c77:d5c5")
     with raises(NotValid):
         assert valid_address("[[2001:8003:5555:9999:555a:5555:c77:d5c5]")
+
+
+def test_valid_domain_name():
+    assert valid_domain_name("api.my-domain.com")
+    assert valid_domain_name("auth.admin.domain.com")
+    assert valid_domain_name("auth.domain.com")
+    assert valid_domain_name("auth.domain.com")
+    assert valid_domain_name("lk.domain.com:12")
+    assert valid_domain_name("lk.domain.com:12")
+    assert valid_domain_name("static.domain.xyz:12345")
+    assert valid_domain_name("domain.com")
+    assert valid_domain_name("domain.lu")
+    assert valid_domain_name("auth-domain.com")
+    assert valid_domain_name("domain.com:12345")
+    assert valid_domain_name("auth-admin.domain-uero.xyz")
+    assert valid_domain_name("auth.lk.d.sr.mydomain.com")
+
+    with raises(ValueError):
+        valid_domain_name("")
+
+    with raises(ValueError):
+        valid_domain_name("auth.domain.ljnjnfds")
+
+    with raises(ValueError):
+        valid_domain_name("123.123.123.123")
+
+    with raises(ValueError):
+        valid_domain_name("123.123.123.123:80")
+
+    with raises(ValueError):
+        valid_domain_name("123.123.123.123:8000")
+
+    with raises(ValueError):
+        valid_domain_name("auth_domain.com")
+
+    with raises(ValueError):
+        valid_domain_name("example-.com")
+
+    with raises(ValueError):
+        valid_domain_name("[email protected]")
+
+    with raises(ValueError):
+        valid_domain_name("exaple.c")
+
+    with raises(ValueError):
+        valid_domain_name("123example.com")
+
+    with raises(ValueError):
+        valid_domain_name("example.com:")
+
+    with raises(ValueError):
+        valid_domain_name("example..com")
+
+    with raises(ValueError):
+        valid_domain_name("example.com123")
+
+    with raises(ValueError):
+        valid_domain_name("example.com.")