From eaf712b479ece3b166f701f7211c923bfd7b7d7a Mon Sep 17 00:00:00 2001
From: Noah Miller <nm@lemnisc.us>
Date: Fri, 27 Jan 2023 11:53:06 -0800
Subject: [PATCH] Reduce unneeded DNS queries during OAuth flow

---
 .../Api4/Action/OAuthClient/AuthorizationCode.php | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php b/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php
index f9c896a5b0b3..73a01aaf0f4e 100644
--- a/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php
+++ b/ext/oauth-client/Civi/Api4/Action/OAuthClient/AuthorizationCode.php
@@ -91,20 +91,19 @@ protected function validate() {
     parent::validate();
     if ($this->landingUrl) {
       $landingUrlParsed = parse_url($this->landingUrl);
-      $landingUrlIp = gethostbyname($landingUrlParsed['host']);
+      $landingUrlIp = gethostbyname($landingUrlParsed['host'] . '.');
       $allowedBases = [
         \Civi::paths()->getVariable('cms.root', 'url'),
         \Civi::paths()->getVariable('civicrm.root', 'url'),
       ];
-      $ok = max(array_map(function($allowed) use ($landingUrlParsed, $landingUrlIp) {
+      foreach ($allowedBases as $allowed) {
         $allowedParsed = parse_url($allowed);
-        $allowedIp = gethostbyname($allowedParsed['host']);
-        $ok = $landingUrlIp === $allowedIp && $landingUrlParsed['scheme'] == $allowedParsed['scheme'];
-        return (int) $ok;
-      }, $allowedBases));
-      if (!$ok) {
-        throw new OAuthException("Cannot initiate OAuth. Unsupported landing URL.");
+        $allowedIp = gethostbyname($allowedParsed['host'] . '.');
+        if ($landingUrlIp === $allowedIp && $landingUrlParsed['scheme'] == $allowedParsed['scheme']) {
+          return;
+        }
       }
+      throw new OAuthException("Cannot initiate OAuth. Unsupported landing URL.");
     }
   }