Merge pull request #466 from zendesk/validate-zendesk-subdomain

Author: thekindofme

src/Zendesk/API/Utilities/OAuth.php

@@ -2,6 +2,7 @@
 
 namespace Zendesk\API\Utilities;
 
+use InvalidArgumentException;
 use GuzzleHttp\Client;
 use GuzzleHttp\Exception\RequestException;
 use GuzzleHttp\Psr7\Request;
@@ -22,6 +23,7 @@ class OAuth
      */
     public static function getAccessToken(Client $client, $subdomain, array $params, $domain = 'zendesk.com')
     {
+        static::validateSubdomain($subdomain);
         $authUrl  = "https://$subdomain.$domain/oauth/tokens";
 
         // Fetch access_token
@@ -55,6 +57,7 @@ public static function getAccessToken(Client $client, $subdomain, array $params,
      */
     public static function getAuthUrl($subdomain, array $options, $domain = 'zendesk.com')
     {
+        static::validateSubdomain($subdomain);
         $queryParams = [
             'response_type' => 'code',
             'client_id'    => null,
@@ -71,4 +74,17 @@ public static function getAuthUrl($subdomain, array $options, $domain = 'zendesk
 
         return $oAuthUrl;
     }
+
+    /**
+     * Validate subdomain
+     *
+     * @param string $subdomain
+     * @throws InvalidArgumentException
+     */
+    private static function validateSubdomain($subdomain)
+    {
+        if (! preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?$/', $subdomain)) {
+            throw new InvalidArgumentException('Invalid Zendesk subdomain.');
+        }
+    }
 }