Skip to content

Add instanceUrl validation #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wangxinlei wants to merge 15 commits into
base: master
Choose a base branch
from
Open

Add instanceUrl validation #28

wangxinlei wants to merge 15 commits into from

Conversation

@wangxinlei
Copy link
Contributor

@wangxinlei wangxinlei commented Dec 4, 2020

This is an in-addition protection besides the dialog UI validation and is necessary.

wangxinlei and others added 15 commits November 25, 2020 10:03
@wangxinlei
Modify oauthConig.
40a675b
@wangxinlei
Remove instanceUrl from requiredAttrlist, move custom domain field to
118060a 
Adv tab.
@wangxinlei
Remove instanceUrl from requiredAttrlist, move custom domain field to
3bb3191 
Adv tab.
@wangxinlei
Merge branch 'master' of https://github.com/wangxinlei/tableau-connector
3d50213 
 into master
@wangxinlei
Update connection-fields.xml
1e698ec
@wangxinlei
Update connection-fields.xml
830035e
@wangxinlei
Update connection-fields.xml
0ce31a4
@wangxinlei
Update connection-builder.js
4c304b5 
Change auth mode name for backward compatibility.
@wangxinlei
Merge branch 'master' of https://github.com/databricks/tableau-connector
7cc9ae0 
 into master
@wangxinlei
Change instanceurl from Advanced to Authentication
c75d35e
@wangxinlei
Merge branch 'master' of https://github.com/wangxinlei/tableau-connector
7691fdf 
 into master
@wangxinlei
Add instanceUrl validation.
3092a3f
@wangxinlei
Merge branch 'master' of https://github.com/databricks/tableau-connector
5e2cc89 
 into master
@wangxinlei
Update oauth-config.xml
e66fde7
@wangxinlei
Merge remote-tracking branch 'upstream/master' into master
4029df2 
Merge remote.
wangxinlei
wangxinlei commented Apr 15, 2021
View reviewed changes
tableau-databricks/oauth-config.xml

<authUri>/oauth2/v2.0/authorize</authUri>
<tokenUri>/oauth2/v2.0/token</tokenUri>
<instanceUrlValidationRegex>^https:\/\/([a-zA-Z0-9-.]+\.)?((microsoftonline\.(com|us|cn|de))|chinacloudapi\.cn)\/(.*)</instanceUrlValidationRegex>
Copy link
Contributor Author

@wangxinlei wangxinlei Apr 15, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for additional security enhancement to guarantee we will not go to a malicious url even someone open the twb and manually change the instanceUrl and send to a victim.

tableau-databricks/oauth-config.xml

<capabilities>
<entry>
<key>OAUTH_CAP_REQUIRES_PROMPT_SELECT_ACCOUNT</key>
Copy link
Contributor Author

@wangxinlei wangxinlei Apr 15, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for always prompt user to select an account instead of directly log them in if they're already logged in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wangxinlei