[pocketbase#3689] relaxed the OAuth2 redirect url validation to allow…

… any string value

Co-authored-by: sergeypdev <[email protected]>

CHANGELOG.md

@@ -1,3 +1,13 @@
+## v0.19.3
+
+- Added the release notes to the console output of `./pocketbase update` ([#3685](https://github.com/pocketbase/pocketbase/discussions/3685)).
+
+- Added missing documention for the JSVM `$mails.*` bindings.
+
+- Relaxed the OAuth2 redirect url validation to allow any string value ([#3689](https://github.com/pocketbase/pocketbase/pull/3689); thanks @sergeypdev).
+  _Note that the redirect url format is still bound to the accepted values by the specific OAuth2 provider._
+
+
 ## v0.19.2
 
 - Updated the JSVM generated types ([#3627](https://github.com/pocketbase/pocketbase/issues/3627), [#3662](https://github.com/pocketbase/pocketbase/issues/3662)).

forms/record_oauth2_login.go

@@ -7,7 +7,6 @@ import (
 	"time"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/go-ozzo/ozzo-validation/v4/is"
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/daos"
 	"github.com/pocketbase/pocketbase/models"
@@ -89,7 +88,7 @@ func (form *RecordOAuth2Login) Validate() error {
 		validation.Field(&form.Provider, validation.Required, validation.By(form.checkProviderName)),
 		validation.Field(&form.Code, validation.Required),
 		validation.Field(&form.CodeVerifier, validation.Required),
-		validation.Field(&form.RedirectUrl, validation.Required, is.URL),
+		validation.Field(&form.RedirectUrl, validation.Required),
 	)
 }
 

forms/record_oauth2_login_test.go

@@ -49,6 +49,12 @@ func TestUserOauth2LoginValidate(t *testing.T) {
 			`{"provider":"gitlab","code":"123","codeVerifier":"123","redirectUrl":"https://example.com"}`,
 			[]string{},
 		},
+		{
+			"[#3689] any redirectUrl value",
+			"users",
+			`{"provider":"gitlab","code":"123","codeVerifier":"123","redirectUrl":"something"}`,
+			[]string{},
+		},
 	}
 
 	for _, s := range scenarios {