From fab9c7dea8b73180aae1425ac34b37514525077b Mon Sep 17 00:00:00 2001
From: dpap
Date: Fri, 23 Feb 2018 00:45:17 +0200
Subject: [PATCH 1/2] Disable host url comparison temporarily modified: routes/oauth2-routes.js
Change-type: patch
Signed-off-by: Dennis Papadimatos
---
 routes/oauth2-routes.js | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/routes/oauth2-routes.js b/routes/oauth2-routes.js
index aedc4eb..cae768b 100644
--- a/routes/oauth2-routes.js
+++ b/routes/oauth2-routes.js
@@ -99,11 +99,13 @@ function oauth2Router(tokenconf, entityStorageConf) {
 return done(null, false);
 }
 console.log('client ' + JSON.stringify(client));
- if (redirectURI === client.redirectURI) {
+ console.log("same uri =" + (redirectURI === client.redirectURI) );
+// if (redirectURI === client.redirectURI) {
 return done(null, client, redirectURI);
- } else {
- return done(new Error("client URL doesn't match what was expected. Provided: " + redirectURI + " expected " + client.redirectURI), null);
- }
+// } else {
+// return done(new Error("client URL doesn't match what was expected. $
+// }
+
 });
 }, function (client, user, done) {
 console.log("authorization endpoint is called (either for implicit or authorization code) with client Id " + client.id + " for user id " + user.id + ". We always accept as long as client url matches");
From ff800f39f091b33ef30ec02ffb685bfefb6ace17 Mon Sep 17 00:00:00 2001
From: dpap
Date: Mon, 26 Feb 2018 17:46:51 +0200
Subject: [PATCH 2/2] use container env var to control device level security DISABLE_DEVICE_IP_MATCH=1 : device security off
Change-type: patch
Signed-off-by: Dennis Papadimatos
---
 Dockerfile | 1 +
 routes/oauth2-routes.js | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3abc428..5edca78 100755
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,4 +8,5 @@ RUN npm install
 EXPOSE 3000
 ENV DEBUG_IDM_WEB 1
 ENV DEBUG_IDM_CORE 1
+ENV DISABLE_DEVICE_IP_MATCH 0
 CMD ./Start.sh
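Review bot: In the routes/oauth2-routes.js hunk of patch 1/2, `return done(null, client, redirectURI);` now runs for every known client, because the `redirectURI === client.redirectURI` guard is commented out and its result is only logged. At that revision the authorization endpoint accepts a redirect URI that was never registered for the client, so the authorization response can be delivered to a location the client owner did not approve. Patch 2/2 restores the comparison behind an environment variable; squashing the two patches would keep a revision without the check out of the history. If the commit stays as is, a comment above the disabled block such as `// SECURITY: registered redirect URI is NOT enforced here; restore before release` would make the state obvious. The enclosing callback starts and ends outside the hunk.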
diff --git a/routes/oauth2-routes.js b/routes/oauth2-routes.js
index cae768b..efbd9ec 100644
--- a/routes/oauth2-routes.js
+++ b/routes/oauth2-routes.js
@@ -100,11 +100,11 @@ function oauth2Router(tokenconf, entityStorageConf) {
 }
 console.log('client ' + JSON.stringify(client));
 console.log("same uri =" + (redirectURI === client.redirectURI) );
-// if (redirectURI === client.redirectURI) {
+ if (redirectURI === client.redirectURI || process.env.DISABLE_DEVICE_IP_MATCH === "1"){
 return done(null, client, redirectURI);
-// } else {
-// return done(new Error("client URL doesn't match what was expected. $
-// }
+ } else {
+ return done(new Error("client URL doesn't match what was expected. Provided: " + redirectURI + " expected " + client.redirectURI), null);
+ }

 });
 }, function (client, user, done) {
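Review bot: The added condition `process.env.DISABLE_DEVICE_IP_MATCH === "1"` turns off the registered redirect URI check for every client at once, while the variable name and the commit subject describe device IP matching. A reader of the Dockerfile default `ENV DISABLE_DEVICE_IP_MATCH 0` cannot tell that setting it to 1 lets any redirect URI through, so the condition needs a comment, for example `// SECURITY: DISABLE_DEVICE_IP_MATCH=1 skips redirect URI validation for all clients; development only`, and preferably a warning logged at startup when the bypass is active. The context line `console.log('client ' + JSON.stringify(client));` serializes the whole client record; if that record carries a client secret it ends up in the container logs, so logging only `client.id` would be safer. The enclosing callback starts outside the hunk.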