diff options
author | enahum <nahumhbl@gmail.com> | 2016-08-30 14:40:30 -0300 |
---|---|---|
committer | Joram Wilander <jwawilander@gmail.com> | 2016-08-30 13:40:30 -0400 |
commit | 18808faead1b7bcdf27dab06e2ffcda1f0680979 (patch) | |
tree | 6a657befe66874598305bad2850c4a62c63e1764 /api | |
parent | 6c8746dbdc01e5f2b79152e2e495e914c5a9743d (diff) | |
download | chat-18808faead1b7bcdf27dab06e2ffcda1f0680979.tar.gz chat-18808faead1b7bcdf27dab06e2ffcda1f0680979.tar.bz2 chat-18808faead1b7bcdf27dab06e2ffcda1f0680979.zip |
PLT-3994 Fix OAuth2: Properly handle allowing an app fails (#3888)
* PLT-3994 Fix OAuth2: Properly handle allowing an app fails
* Remove Content-Type from allowOAuth
Diffstat (limited to 'api')
-rw-r--r-- | api/oauth.go | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/api/oauth.go b/api/oauth.go index d2a6dd9d4..d3495895f 100644 --- a/api/oauth.go +++ b/api/oauth.go @@ -152,24 +152,26 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - w.Header().Set("Content-Type", "application/x-www-form-urlencoded") responseData := map[string]string{} responseType := r.URL.Query().Get("response_type") if len(responseType) == 0 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_response.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest return } clientId := r.URL.Query().Get("client_id") if len(clientId) != 26 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_client.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest return } redirectUri := r.URL.Query().Get("redirect_uri") if len(redirectUri) == 0 { c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest return } @@ -191,6 +193,7 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) { if !app.IsValidRedirectURL(redirectUri) { c.LogAudit("fail - redirect_uri did not match registered callback") c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "") + c.Err.StatusCode = http.StatusBadRequest return } @@ -226,7 +229,6 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("success") responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State) - w.Header().Set("Content-Type", "application/json") w.Write([]byte(model.MapToJson(responseData))) } |