Allow any valid (per RFC 3986) scheme name in OAuth callback URLs

Changed the callback_url regex so that you can have custom schemes such
as myapp: or my-lovely-app: instead of just http and https. This should
help with mobile development where users can authorize with OSM in their
browser and are automatically redirected to the registered app.

diff --git a/app/models/client_application.rb b/app/models/client_application.rb
index 09eec40d3e5f020a4445282a485a312d98a6590c..63c46a46fd9bf5eef548552106a9d3780c68d460 100644 (file)
--- a/app/models/client_application.rb
+++ b/app/models/client_application.rb
@@ -9,7 +9,7 @@ class ClientApplication < ActiveRecord::Base
   
   validates_format_of :url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i
   validates_format_of :support_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
-  validates_format_of :callback_url, :with => /\Ahttp(s?):\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
+  validates_format_of :callback_url, :with => /\A([a-z]){1}([\w0-9\.\+\-])*:\/\/(\w+:{0,1}\w*@)?(\S+)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@!\-\/]))?/i, :allow_blank=>true
 
   attr_accessor :token_callback_url