luci-proto-openconnect: fix server url validation
authorJo-Philipp Wich <jo@mein.io>
Tue, 7 Feb 2023 10:52:17 +0000 (11:52 +0100)
committerJo-Philipp Wich <jo@mein.io>
Tue, 7 Feb 2023 10:53:31 +0000 (11:53 +0100)
The OpenConnect configuration form incorrectly assumed that the server
setting must be hostname while it actually may be a full URL.

Fixes: #6184
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
modules/luci-base/htdocs/luci-static/resources/ui.js
protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js

index 51b6c0902de56536aa514d36a1a957138ddf6a68..9433659f7d83c452744f2201535b791eec40be84 100644 (file)
@@ -820,7 +820,7 @@ var UISelect = UIElement.extend(/** @lends LuCI.ui.Select.prototype */ {
                                                'type': this.options.multiple ? 'checkbox' : 'radio',
                                                'class': this.options.multiple ? 'cbi-input-checkbox' : 'cbi-input-radio',
                                                'value': keys[i],
-                                               'checked': (this.values.indexOf(keys[i]) > -1) ? '' : null,
+                                               'checked': ((!i && !this.values.length) || this.values.indexOf(keys[i]) > -1) ? '' : null,
                                                'disabled': this.options.disabled ? '' : null
                                        }),
                                        E('label', { 'for': this.options.id ? 'widget.%s.%d'.format(this.options.id, i) : null }),
@@ -832,6 +832,9 @@ var UISelect = UIElement.extend(/** @lends LuCI.ui.Select.prototype */ {
                                ]));
 
                                frameEl.appendChild(brEl.cloneNode());
+
+                               if (!frameEl.querySelector('> span > input[checked]')
+                                       frameEl.querySelector('> span > input').checked = true;
                        }
                }
 
index 91ad65cb342cf5dd230171512334f63567d93c9c..e38afdc201c17eaeb7f90c0b6a5a202bd1e66ce7 100644 (file)
@@ -2,6 +2,7 @@
 'require rpc';
 'require form';
 'require network';
+'require validation';
 
 var callGetCertificateFiles = rpc.declare({
        object: 'luci.openconnect',
@@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', {
                o.value('pulse', 'Pulse Connect Secure SSL VPN');
 
                o = s.taboption('general', form.Value, 'server', _('VPN Server'));
-               o.datatype = 'host(0)';
+               o.validate = function(section_id, value) {
+                       var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i);
+
+                       if (!m)
+                               return _('Invalid server URL');
+
+                       if (m[1] != null) {
+                               if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i))
+                                       return _('Unsupported protocol');
+                       }
+
+                       if (m[2] != null) {
+                               if (!validation.parseIPv6(m[2]))
+                                       return _('Invalid IPv6 address');
+                       }
+
+                       if (m[3] != null) {
+                               if (!validation.parseIPv4(m[3])) {
+                                       if (!(m[3].length <= 253 &&
+                                             (m[3].match(/^[a-zA-Z0-9_]+$/) != null ||
+                                              (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
+                                               m[3].match(/[^0-9.]/)))))
+                                               return _('Invalid hostname or IPv4 address');
+                               }
+                       }
+
+                       if (m[4] != null) {
+                               var p = +m[4];
+
+                               if (p < 0 || p > 65535)
+                                       return _('Invalid port');
+                       }
+
+                       return true;
+               };
 
                o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
                o.placeholder = '443';
@@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', {
 
                o = s.taboption('general', form.Value, 'password2', _('Password2'));
                o.password = true;
-       
+
                o = s.taboption('general', form.Value, 'proxy', _('Proxy Server'));
                o.optional = true;
 
@@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', {
                o.optional = true;
                o.placeholder = 1406;
                o.datatype = 'range(68, 9200)';
-               
+
                o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout'));
                o.optional = true;
                o.placeholder = 300;