| author | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-17 11:14:22 +0200 |
|---|---|---|
| committer | jwijenbergh <jeroenwijenbergh@protonmail.com> | 2022-10-17 11:14:22 +0200 |
| commit | 51b536b45fce6bf2d7ec8bbfe6ce30faec11c88e (patch) | |
| tree | 697092e4883c1539a034f5ab18d4403e529a3080 /internal | |
| parent | 392d192aac8fdf7dd73903cfcd593e1146ee851f (diff) | |
OAuth: Use values Has and Get functions and check state after ISS
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/oauth/oauth.go | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index 13911b9..44fac10 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -307,8 +307,8 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 // ISS: https://www.rfc-editor.org/rfc/rfc9207.html
 // TODO: Make this a required parameter in the future
 urlQuery := req.URL.Query()
- if ISS, ok := urlQuery["iss"]; ok {
- extractedISS := ISS[0]
+ if urlQuery.Has("iss") {
+ extractedISS := urlQuery.Get("iss")
 if oauth.Session.ISS != extractedISS {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
@@ -318,23 +318,10 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 }
 }
- // Extract the authorization code
- code, success := urlQuery["code"]
- if !success {
- oauth.Session.CallbackError = &types.WrappedErrorMessage{
- Message: errorMessage,
- Err: &OAuthCallbackParameterError{Parameter: "code", URL: req.URL.String()},
- }
- return
- }
- // The code is the first entry
- extractedCode := code[0]
 // Make sure the state is present and matches to protect against cross-site request forgeries
 // https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-04#section-7.15
- state, success := urlQuery["state"]
-
- if !success {
+ if !urlQuery.Has("state") {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
 Err: &OAuthCallbackParameterError{Parameter: "state", URL: req.URL.String()},
@@ -342,7 +329,7 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 return
 }
 // The state is the first entry
- extractedState := state[0]
+ extractedState := urlQuery.Get("state")
 if extractedState != oauth.Session.State {
 oauth.Session.CallbackError = &types.WrappedErrorMessage{
 Message: errorMessage,
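Review bot: The new `if !urlQuery.Has("state") {` in the second hunk only tests presence, so an empty `state=` value passes and, when several `state` parameters arrive, `urlQuery.Get("state")` in the third hunk silently takes the first one; RFC 6749 §3.1 says a parameter sent without a value is to be treated as omitted and that response parameters must not appear more than once. If oauth.Session.State can be empty while no authorization is in flight (not visible in these hunks), an empty `state=` would compare equal at `extractedState != oauth.Session.State`. Consider `if vals := urlQuery["state"]; len(vals) != 1 || vals[0] == "" {` in place of the `Has` check, and the same `len(vals) != 1 || vals[0] == ""` shape for `code` in the hunk at +341, where `Has("code")` likewise lets an empty code reach getTokensWithAuthCode. Callback starts before the first hunk and continues past the last one.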
@@ -354,6 +341,17 @@ func (oauth *OAuth) Callback(w http.ResponseWriter, req *http.Request) {
 return
 }
+ // No authorization code
+ if !urlQuery.Has("code") {
+ oauth.Session.CallbackError = &types.WrappedErrorMessage{
+ Message: errorMessage,
+ Err: &OAuthCallbackParameterError{Parameter: "code", URL: req.URL.String()},
+ }
+ return
+ }
+ // The code is the first entry
+ extractedCode := urlQuery.Get("code")
+
 // Now that we have obtained the authorization code, we can move to the next step:
 // Obtaining the access and refresh tokens
 getTokensErr := oauth.getTokensWithAuthCode(extractedCode) |
