fix: resolve nil pointer panic in Authorize

When ParseAuthorizeRequest received an invalid URL, for example containing a semi-colon `;`, AuthRequestError used to panic. This was because a typed nil was passed as a interface argument. The nil check inside AuthRequestError always resulted in false, allowing access through the nil pointer. Fixes #315
2023-04-04 11:09:02 +02:00 · 2023-04-04 11:09:02 +02:00 · e8859f8357
commit e8859f8357
parent 211b17589e
2 changed files with 30 additions and 55 deletions
--- a/pkg/op/auth_request.go
+++ b/pkg/op/auth_request.go
@ -68,7 +68,7 @@ func authorizeCallbackHandler(authorizer Authorizer) func(http.ResponseWriter, *
 func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer) {
 	authReq, err := ParseAuthorizeRequest(r, authorizer.Decoder())
 	if err != nil {
-		AuthRequestError(w, r, authReq, err, authorizer.Encoder())
+		AuthRequestError(w, r, nil, err, authorizer.Encoder())
 		return
 	}
 	ctx := r.Context()