Merge pull request #25446 from lemniscus/oauth-reduce-dns-queries

Reduce unneeded DNS queries during OAuth flow

Merge pull request #25446 from lemniscus/oauth-reduce-dns-queries
b07cd267 · totten · GitHub · 4d752e26 · eaf712b4 · b07cd267
Unverified Commit b07cd267 authored 2 years ago by totten Committed by GitHub 2 years ago
--- a/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php
+++ b/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php
@@ -91,20 +91,19 @@ class AuthorizationCode extends AbstractGrantAction {
    parent::validate();
    if ($this->landingUrl) {
      $landingUrlParsed = parse_url($this->landingUrl);
-      $landingUrlIp = gethostbyname($landingUrlParsed['host']);
+      $landingUrlIp = gethostbyname($landingUrlParsed['host'] . '.');
      $allowedBases = [
        \Civi::paths()->getVariable('cms.root', 'url'),
        \Civi::paths()->getVariable('civicrm.root', 'url'),
      ];
-      $ok = max(array_map(function($allowed) use ($landingUrlParsed, $landingUrlIp) {
+      foreach ($allowedBases as $allowed) {
        $allowedParsed = parse_url($allowed);
-        $allowedIp = gethostbyname($allowedParsed['host']);
-        $ok = $landingUrlIp === $allowedIp && $landingUrlParsed['scheme'] == $allowedParsed['scheme'];
-        return (int) $ok;
-      }, $allowedBases));
-      if (!$ok) {
-        throw new OAuthException("Cannot initiate OAuth. Unsupported landing URL.");
+        $allowedIp = gethostbyname($allowedParsed['host'] . '.');
+        if ($landingUrlIp === $allowedIp && $landingUrlParsed['scheme'] == $allowedParsed['scheme']) {
+          return;
+        }
      }
+      throw new OAuthException("Cannot initiate OAuth. Unsupported landing URL.");
    }
  }