| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-18 15:28:47 +0200 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-18 15:28:47 +0200 |
| commit | cc057e07579f290eb1db8bdf348cb2e5ba760ab3 (patch) | |
| tree | e03485987993ecd57f6ae2bbdf48aedcb3f8366c | |
| parent | 11a1703795d5ca3589252df5fc627c185d355040 (diff) | |
OAuth: Do not use url.Values Has(), only use Get()
Has() was only added in Go 1.17
| -rw-r--r-- | internal/oauth/oauth.go | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index 44fac10..6ac773c 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -307,8 +307,8 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 // ISS: https://www.rfc-editor.org/rfc/rfc9207.html
 // TODO: Make this a required parameter in the future
 urlQuery := req.URL.Query()
- if urlQuery.Has("iss") {
- extractedISS := urlQuery.Get("iss")
+ extractedISS := urlQuery.Get("iss")
+ if extractedISS != "" {
 if oauth.Session.ISS != extractedISS {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
@@ -321,7 +321,8 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 // Make sure the state is present and matches to protect against cross-site request forgeries
 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-04#section-7.15
- if !urlQuery.Has("state") {
+ extractedState := urlQuery.Get("state")
+ if extractedState == "" {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
 Err: &OAuthCallbackParameterError{Parameter: "state", URL: req.URL.String()},
@@ -329,7 +330,6 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 return
 }
 // The state is the first entry
- extractedState := urlQuery.Get("state")
 if extractedState != oauth.Session.State {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
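Review bot: In the `@@ -307,8` hunk, `if extractedISS != ""` is not equivalent to the old `urlQuery.Has("iss")`: a callback carrying an empty `iss=` used to reach the comparison with `oauth.Session.ISS` (and fail it unless the stored issuer was also empty), whereas it now skips the RFC 9207 issuer check altogether. Because `url.Values` is a plain map, a presence test that also compiles before Go 1.17 is `_, hasISS := urlQuery["iss"]` followed by `if hasISS {`, which keeps the previous fail-closed behaviour. The `state` and `code` checks in the later hunks use the same Get-and-compare pattern, but there an empty value is rejected, so they remain fail-closed. Callback's body starts and ends outside this hunk.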
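Review bot: The context comment `// The state is the first entry` in the `@@ -329,7` hunk is left orphaned above `if extractedState != oauth.Session.State {`, because the `urlQuery.Get("state")` call it described has moved up to the presence check. The matching comment for `code` is deleted in the last hunk, so for consistency either delete this one too or move it next to the new assignment as `// Get returns only the first "state" value`. The surrounding function body continues outside this hunk.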
@@ -342,15 +342,14 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 }
 // No authorization code
- if !urlQuery.Has("code") {
+ extractedCode := urlQuery.Get("code")
+ if extractedCode == "" {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
 Err: &OAuthCallbackParameterError{Parameter: "code", URL: req.URL.String()},
 }
 return
 }
- // The code is the first entry
- extractedCode := urlQuery.Get("code")
 // Now that we have obtained the authorization code, we can move to the next step:
 // Obtaining the access and refresh tokens |
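Review bot: With `// The code is the first entry` removed, nothing near `extractedCode := urlQuery.Get("code")` records that `Get` returns only the first value, so a callback with a repeated `code` parameter is accepted and the extra values are silently ignored. RFC 6749 states that request and response parameters must not be included more than once, so a strict guard such as `if len(urlQuery["code"]) > 1 {` returning the same `OAuthCallbackParameterError` would reject such malformed callbacks. The same applies to `state` in the earlier hunk. At minimum, keep a one-line comment such as `// Get returns the first value; duplicates are ignored`. Callback continues past the end of this hunk.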
