From: Mendhak <mendhak@hotmail.com>
Date: Sat, 23 Apr 2011 09:29:49 +0000 (+0100)
Subject: Allow any valid (per RFC 3986) scheme name in OAuth callback URLs
X-Git-Tag: live~5052^2~158
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/03eb6ce048047826cb40d73e755702ec51b916d5?hp=ff174c1feb1c4990107d65b07ca6b5745f5742df

Allow any valid (per RFC 3986) scheme name in OAuth callback URLs

Changed the callback_url regex so that you can have custom schemes such
as myapp: or my-lovely-app: instead of just http and https. This should
help with mobile development where users can authorize with OSM in their
browser and are automatically redirected to the registered app.
---

diff --git a/app/models/client_application.rb b/app/models/client_application.rb
index 09eec40d3..63c46a46f 100644
--- a/app/models/client_application.rb
+++ b/app/models/client_application.rb
@@ -9,7 +9,7 @@ class ClientApplication < ActiveRecord::Base
   
   validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
   validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
-  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\A([a-z]){1}([\w0-9\.\+\-])*:\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
 
   attr_accessor :token_callback_url