From bfb22506ff5f2c3db37eb7db7aa4089ac7ebbd7b Mon Sep 17 00:00:00 2001
From: Kamal Nasser
Date: Fri, 11 Oct 2019 15:39:57 +0300
Subject: [PATCH] allow redirects to whitelisted hosts with ports
---
 oauthproxy.go | 2 +-
 oauthproxy_test.go | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index 01c18c39..dbcb42b7 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -505,7 +505,7 @@ func (p *OAuthProxy) IsValidRedirect(redirect string) bool {
 return false
 }
 for _, domain := range p.whitelistDomains {
- if (redirectURL.Host == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Host, domain)) {
+ if (redirectURL.Hostname() == domain) || (strings.HasPrefix(domain, ".") && strings.HasSuffix(redirectURL.Hostname(), domain)) {
 return true
 }
 }
diff --git a/oauthproxy_test.go b/oauthproxy_test.go
index 8dd3adfb..d7774cc1 100644
--- a/oauthproxy_test.go
+++ b/oauthproxy_test.go
@@ -225,6 +225,12 @@ func TestIsValidRedirect(t *testing.T) {
 invalidHTTPS2 := proxy.IsValidRedirect("https://evil.corp/redirect?rd=foo.bar")
 assert.Equal(t, false, invalidHTTPS2)
+
+ validPort := proxy.IsValidRedirect("http://foo.bar:3838/redirect")
+ assert.Equal(t, true, validPort)
+
+ validPortSubdomain := proxy.IsValidRedirect("http://baz.bar.foo:3838/redirect")
+ assert.Equal(t, true, validPortSubdomain)
 }
 type TestProvider struct {
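Review bot: Switching both comparisons in the `for _, domain := range p.whitelistDomains` loop to `redirectURL.Hostname()` removes the port from the check entirely, so the whitelist can no longer tell ports apart. A redirect to any port on a whitelisted host is now accepted, and a whitelist entry written as `host:port` would stop matching because the port is stripped from the redirect side only; whether any deployment has such entries is not visible here. If port-agnostic matching is the intent, say so at the loop, e.g. `// Port is ignored on purpose: whitelistDomains entries are bare hostnames or ".suffix" patterns.`; otherwise compare `redirectURL.Port()` against the entry's port when the entry carries one. IsValidRedirect starts above the hunk and continues below it.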
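Review bot: The two cases added to TestIsValidRedirect only assert acceptance, so nothing pins that stripping the port left hosts outside the whitelist rejected. Add a rejecting case next to them, e.g. `invalidPort := proxy.IsValidRedirect("http://evil.corp:3838/redirect")` followed by `assert.Equal(t, false, invalidPort)`. The proxy and its whitelist are set up above the hunk, so the entries are assumed from the existing cases.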