From 5a0eb8134054d630a3eac105de81e4016bbb91e7 Mon Sep 17 00:00:00 2001
From: Revant Nandgaonkar
Date: Mon, 12 Jun 2017 16:12:49 +0530
Subject: [PATCH] [fix] OAuth2 Frappe Server URL Validation (#3397)
* [fix] OAuth2 Frappe Server URL Validation Only request and validate the frappe_server_url if hostname is not equal to frappe_server_hostname request.get to localhost by using hostname results into timeout
* check domains in local.conf.domains as well
* removed unused variable as per codacy
---
 .../social_login_keys/social_login_keys.py | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/frappe/integrations/doctype/social_login_keys/social_login_keys.py b/frappe/integrations/doctype/social_login_keys/social_login_keys.py
index 5a4f662a99..693bce679b 100644
--- a/frappe/integrations/doctype/social_login_keys/social_login_keys.py
+++ b/frappe/integrations/doctype/social_login_keys/social_login_keys.py
@@ -5,10 +5,17 @@ from __future__ import unicode_literals
 import frappe
+import requests
+import socket
 from frappe.model.document import Document
 from frappe import _
+try:
+ from urllib.parse import urlparse
+except ImportError:
+ from urlparse import urlparse
+
 class SocialLoginKeys(Document):
 def validate(self):
 self.validate_frappe_server_url()
@@ -17,10 +24,16 @@ class SocialLoginKeys(Document):
 if self.frappe_server_url:
 if self.frappe_server_url.endswith('/'):
 self.frappe_server_url = self.frappe_server_url[:-1]
- import requests
+
 try:
- r = requests.get(self.frappe_server_url + "/api/method/frappe.handler.version", timeout=5)
+ frappe_server_hostname = urlparse(self.frappe_server_url).netloc
 except:
- frappe.throw(_("Unable to make request to the Frappe Server URL"))
- if r.status_code != 200:
 frappe.throw(_("Check Frappe Server URL"))
+
+ if socket.gethostname() != frappe_server_hostname or \
+ (frappe.local.conf.domains is not None) and \
+ (frappe_server_hostname not in frappe.local.conf.domains):
+ try:
+ requests.get(self.frappe_server_url + "/api/method/frappe.handler.version", timeout=5)
+ except:
+ frappe.throw(_("Unable to make request to the Frappe Server URL"))
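Review bot: The condition at `if socket.gethostname() != frappe_server_hostname or \` does not do what the commit message describes: `and` binds tighter than `or`, so every URL whose netloc differs from the machine hostname is still fetched, and the `frappe.local.conf.domains` test only matters when the first comparison is already false. `urlparse(...).netloc` also keeps any port or userinfo, so a value like `host:8000` never matches `socket.gethostname()`; `.hostname` is the value to compare. The new request discards its response, so a 404 or 500 now passes where the removed `r.status_code != 200` check rejected it, and since `urlparse` seldom raises, the first `except:` is unlikely to reach "Check Frappe Server URL" for a scheme-less or empty-host value. Assuming the intent is to skip the self-request for any local name, the sketch below checks scheme and hostname explicitly, combines the two locality tests, keeps the status check and narrows the bare `except:`; the enclosing method starts above the hunk.

```python
if self.frappe_server_url:
	# … unchanged: trailing-slash strip …
	parsed = urlparse(self.frappe_server_url)
	frappe_server_hostname = parsed.hostname
	if parsed.scheme not in ("http", "https") or not frappe_server_hostname:
		frappe.throw(_("Check Frappe Server URL"))

	domains = frappe.local.conf.domains or []
	is_local = frappe_server_hostname == socket.gethostname() \
		or frappe_server_hostname in domains
	if not is_local:
		try:
			r = requests.get(self.frappe_server_url + "/api/method/frappe.handler.version", timeout=5)
		except requests.exceptions.RequestException:
			frappe.throw(_("Unable to make request to the Frappe Server URL"))
		if r.status_code != 200:
			frappe.throw(_("Check Frappe Server URL"))
```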