allow whitelisting target_origin in Travis.config

2013-08-19 17:49:39 +02:00 · 2013-08-19 17:49:39 +02:00 · 9a4b2b8e99
commit 9a4b2b8e99
parent 1701ea0093
2 changed files with 8 additions and 3 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -37,8 +37,7 @@ GIT

 GIT
  remote: git://github.com/travis-ci/travis-core.git
-  revision: 93b4779b1e5cb0c1211bf095856eb21ccc655423
-  ref: master-2014-10-06
+  revision: 35f690bfb12bb0bef90297783e7c7ab15048dfc0
  specs:
    travis-core (0.0.1)
      actionmailer (~> 3.2.19)
--- a/lib/travis/api/app/endpoint/authorization.rb
+++ b/lib/travis/api/app/endpoint/authorization.rb
@ -324,7 +324,9 @@ class Travis::Api::App

        def target_ok?(target_origin)
          return unless uri = Addressable::URI.parse(target_origin)
-          if uri.host =~ /\A(.+\.)?travis-ci\.(com|org)\Z/
+          if allowed_https_targets.include?(uri.host)
+            uri.scheme == 'https'
+          elsif uri.host =~ /\A(.+\.)?travis-ci\.(com|org)\Z/
            uri.scheme == 'https'
          elsif uri.host =~ /\A(.+\.)?travis-lite\.com\Z/
            uri.scheme == 'https'
@ -332,6 +334,10 @@ class Travis::Api::App
            uri.port > 1023
          end
        end
+
+        def allowed_https_targets
+          @allowed_https_targets ||= Travis.config.auth.api.target_origin.split(',')
+        end
    end
  end
 end