luci-proto-openconnect: fix server url validation

The OpenConnect configuration form incorrectly assumed that the server
setting must be hostname while it actually may be a full URL.

Fixes: #6184
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b200e0e90fdfb294cd31870eb32b6b362ded3733)

diff --git a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
index 91ad65cb342cf5dd230171512334f63567d93c9c..e38afdc201c17eaeb7f90c0b6a5a202bd1e66ce7 100644 (file)
--- a/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
+++ b/protocols/luci-proto-openconnect/htdocs/luci-static/resources/protocol/openconnect.js
@@ -2,6 +2,7 @@
 'require rpc';
 'require form';
 'require network';
+'require validation';
 
 var callGetCertificateFiles = rpc.declare({
        object: 'luci.openconnect',
@@ -100,7 +101,41 @@ return network.registerProtocol('openconnect', {
                o.value('pulse', 'Pulse Connect Secure SSL VPN');
 
                o = s.taboption('general', form.Value, 'server', _('VPN Server'));
-               o.datatype = 'host(0)';
+               o.validate = function(section_id, value) {
+                       var m = String(value).match(/^(?:(\w+):\/\/|)(?:\[([0-9a-f:.]{2,45})\]|([^\/:]+))(?::([0-9]{1,5}))?(?:\/.*)?$/i);
+
+                       if (!m)
+                               return _('Invalid server URL');
+
+                       if (m[1] != null) {
+                               if (!m[1].match(/^(?:http|https|socks|socks4|socks5)$/i))
+                                       return _('Unsupported protocol');
+                       }
+
+                       if (m[2] != null) {
+                               if (!validation.parseIPv6(m[2]))
+                                       return _('Invalid IPv6 address');
+                       }
+
+                       if (m[3] != null) {
+                               if (!validation.parseIPv4(m[3])) {
+                                       if (!(m[3].length <= 253 &&
+                                             (m[3].match(/^[a-zA-Z0-9_]+$/) != null ||
+                                              (m[3].match(/^[a-zA-Z0-9_][a-zA-Z0-9_\-.]*[a-zA-Z0-9]$/) &&
+                                               m[3].match(/[^0-9.]/)))))
+                                               return _('Invalid hostname or IPv4 address');
+                               }
+                       }
+
+                       if (m[4] != null) {
+                               var p = +m[4];
+
+                               if (p < 0 || p > 65535)
+                                       return _('Invalid port');
+                       }
+
+                       return true;
+               };
 
                o = s.taboption('general', form.Value, 'port', _('VPN Server port'));
                o.placeholder = '443';
@@ -116,7 +151,7 @@ return network.registerProtocol('openconnect', {
 
                o = s.taboption('general', form.Value, 'password2', _('Password2'));
                o.password = true;
-       
+
                o = s.taboption('general', form.Value, 'proxy', _('Proxy Server'));
                o.optional = true;
 
@@ -160,7 +195,7 @@ return network.registerProtocol('openconnect', {
                o.optional = true;
                o.placeholder = 1406;
                o.datatype = 'range(68, 9200)';
-               
+
                o = s.taboption('advanced', form.Value, 'reconnect_timeout', _('Reconnect Timeout'));
                o.optional = true;
                o.placeholder = 300;