tbelway/immich
1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2026-04-17 08:01:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: oauth issuerUrl validation (#27848)

Browse Source
This commit is contained in:
bo0tzz 2026-04-16 15:06:55 +02:00 committed by GitHub
parent 20ddf2e7d2
commit facd3bd331
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/src/dtos/system-config.dto.ts
View File

@ -181,7 +181,12 @@ const SystemConfigOAuthSchema = z
timeout: z.int().min(1).describe('Timeout'),
defaultStorageQuota: z.number().min(0).nullable().describe('Default storage quota'),
enabled: configBool.describe('Enabled'),
issuerUrl: z.string().describe('Issuer URL'),
issuerUrl: z
.string()
.refine((url) => url.length === 0 || z.url().safeParse(url).success, {
error: 'Issuer URL must be an empty string or a valid URL',
})
.describe('Issuer URL'),
scope: z.string().describe('Scope'),
signingAlgorithm: z.string().describe('Signing algorithm'),
profileSigningAlgorithm: z.string().describe('Profile signing algorithm'),

9
server/src/services/system-config.service.spec.ts
View File

@ -307,6 +307,15 @@ describe(SystemConfigService.name, () => {
});
});
it('should reject an invalid issuer URL', async () => {
mocks.config.getEnv.mockReturnValue(mockEnvData({ configFile: 'immich-config.json' }));
mocks.systemMetadata.readFile.mockResolvedValue(JSON.stringify({ oauth: { issuerUrl: 'accounts.google.com' } }));
await expect(sut.getSystemConfig()).rejects.toThrow(
'[oauth.issuerUrl] Issuer URL must be an empty string or a valid URL',
);
});
it('should reject invalid cron expressions', async () => {
mocks.config.getEnv.mockReturnValue(mockEnvData({ configFile: 'immich-config.json' }));
mocks.systemMetadata.readFile.mockResolvedValue(JSON.stringify({ library: { scan: { cronExpression: 'foo' } } }));