Fail if the response type is not properly set

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma 2018-05-16 11:24:48 +02:00
parent 000cf1951c
commit a04ea70fca
No known key found for this signature in database
GPG Key ID: F941078878347C0C
1 changed files with 10 additions and 1 deletions


@ -61,11 +61,20 @@ class LoginRedirectorController extends Controller {
* *
* @param string $client_id * @param string $client_id
* @param string $state * @param string $state
* @param string $response_type
* @return RedirectResponse * @return RedirectResponse
*/ */
public function authorize($client_id, public function authorize($client_id,
$state) { $state,
$response_type) {
$client = $this->clientMapper->getByIdentifier($client_id); $client = $this->clientMapper->getByIdentifier($client_id);
if ($response_type !== 'code') {
//Fail
$url = $client->getRedirectUri() . '?error=unsupported_response_type&state=' . $state;
return new RedirectResponse($url);
}
$this->session->set('oauth.state', $state); $this->session->set('oauth.state', $state);
$targetUrl = $this->urlGenerator->linkToRouteAbsolute( $targetUrl = $this->urlGenerator->linkToRouteAbsolute(