fix redirect uri error
This commit is contained in:
Livio Amstutz
parent
2b36498365
commit
7210be8e4b
2 changed files with 19 additions and 11 deletions
|
|
@ -105,14 +105,14 @@ func ValidateAuthReqScopes(scopes []string) error {
|
|||
|
||||
func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.ResponseType, storage OPStorage) error {
|
||||
if uri == "" {
|
||||
return ErrInvalidRequest("redirect_uri must not be empty")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri must not be empty")
|
||||
}
|
||||
client, err := storage.GetClientByClientID(client_id)
|
||||
if err != nil {
|
||||
return ErrServerError(err.Error())
|
||||
}
|
||||
if !utils.Contains(client.RedirectURIs(), uri) {
|
||||
return ErrInvalidRequest("redirect_uri not allowed")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed")
|
||||
}
|
||||
if strings.HasPrefix(uri, "https://") {
|
||||
return nil
|
||||
|
|
@ -127,10 +127,10 @@ func ValidateAuthReqRedirectURI(uri, client_id string, responseType oidc.Respons
|
|||
return ErrInvalidRequest("redirect_uri not allowed 2")
|
||||
} else {
|
||||
if client.ApplicationType() != ApplicationTypeNative {
|
||||
return ErrInvalidRequest("redirect_uri not allowed 3")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed 3")
|
||||
}
|
||||
if !(strings.HasPrefix(uri, "http://localhost:") || strings.HasPrefix(uri, "http://localhost/")) {
|
||||
return ErrInvalidRequest("redirect_uri not allowed 4")
|
||||
return ErrInvalidRequestRedirectURI("redirect_uri not allowed 4")
|
||||
}
|
||||
}
|
||||
return nil
|
||||
|
|
|
|||
|
|
@ -22,6 +22,13 @@ var (
|
|||
Description: description,
|
||||
}
|
||||
}
|
||||
ErrInvalidRequestRedirectURI = func(description string) *OAuthError {
|
||||
return &OAuthError{
|
||||
ErrorType: InvalidRequest,
|
||||
Description: description,
|
||||
redirectDisabled: true,
|
||||
}
|
||||
}
|
||||
ErrServerError = func(description string) *OAuthError {
|
||||
return &OAuthError{
|
||||
ErrorType: ServerError,
|
||||
|
|
@ -43,10 +50,6 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
|
|||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
if authReq.GetRedirectURI() == "" {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
e, ok := err.(*OAuthError)
|
||||
if !ok {
|
||||
e = new(OAuthError)
|
||||
|
|
@ -54,6 +57,10 @@ func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthReq
|
|||
e.Description = err.Error()
|
||||
}
|
||||
e.state = authReq.GetState()
|
||||
if authReq.GetRedirectURI() == "" || e.redirectDisabled {
|
||||
http.Error(w, e.Description, http.StatusBadRequest)
|
||||
return
|
||||
}
|
||||
params, err := utils.URLEncodeResponse(e, encoder)
|
||||
if err != nil {
|
||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||
|
|
@ -84,6 +91,7 @@ type OAuthError struct {
|
|||
ErrorType errorType `json:"error" schema:"error"`
|
||||
Description string `json:"description" schema:"description"`
|
||||
state string `json:"state" schema:"state"`
|
||||
redirectDisabled bool
|
||||
}
|
||||
|
||||
func (e *OAuthError) Error() string {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue