mirror
/
gitea
mirror of https://github.com/go-gitea/gitea
2
0
Fork 0
Code Issues Releases Wiki Activity

Add comment for ContainsRedirectURI about the exact match (#30457)

Browse Source 
Close #26897
Replace #30336
pull/30456/head^2
wxiaoguang 8 months ago committed by GitHub
parent c28bed27af
commit 92e27e15c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      models/auth/oauth2.go

5
models/auth/oauth2.go
Unescape View File

@ -137,6 +137,11 @@ func (app *OAuth2Application) TableName() string {
// ContainsRedirectURI checks if redirectURI is allowed for app // ContainsRedirectURI checks if redirectURI is allowed for app
func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool { func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
// OAuth2 requires the redirect URI to be an exact match, no dynamic parts are allowed.
// https://stackoverflow.com/questions/55524480/should-dynamic-query-parameters-be-present-in-the-redirection-uri-for-an-oauth2
// https://www.rfc-editor.org/rfc/rfc6819#section-5.2.3.3
// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-12#section-3.1
contains := func(s string) bool { contains := func(s string) bool {
s = strings.TrimSuffix(strings.ToLower(s), "/") s = strings.TrimSuffix(strings.ToLower(s), "/")
for _, u := range app.RedirectURIs { for _, u := range app.RedirectURIs {

Write Preview
Loading…
Cancel
Save