diff options
author | Joram Wilander <jwawilander@gmail.com> | 2017-10-04 11:05:36 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-04 11:05:36 -0400 |
commit | f94b807f3973d824d8512c94e2a49b510005e56f (patch) | |
tree | a065ba5a0a913259efb5f2b28660842f6304601b /app/oauth.go | |
parent | e05edf85cfc0c16f3232a53c106f613ab366f11a (diff) | |
download | chat-f94b807f3973d824d8512c94e2a49b510005e56f.tar.gz chat-f94b807f3973d824d8512c94e2a49b510005e56f.tar.bz2 chat-f94b807f3973d824d8512c94e2a49b510005e56f.zip |
PLT-7782 Fix for OAuth (#7566)
* Fix for oauth
* Fix test
Diffstat (limited to 'app/oauth.go')
-rw-r--r-- | app/oauth.go | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/app/oauth.go b/app/oauth.go index be0535f35..6e411138b 100644 --- a/app/oauth.go +++ b/app/oauth.go @@ -6,7 +6,6 @@ package app import ( "bytes" b64 "encoding/base64" - "fmt" "io" "io/ioutil" "net/http" @@ -133,7 +132,7 @@ func (a *App) AllowOAuthAppAccessToUser(userId string, authRequest *model.Author } authData := &model.AuthData{UserId: userId, ClientId: authRequest.ClientId, CreateAt: model.GetMillis(), RedirectUri: authRequest.RedirectUri, State: authRequest.State, Scope: authRequest.Scope} - authData.Code = utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId)) + authData.Code = model.NewId() + model.NewId() // this saves the OAuth2 app as authorized authorizedApp := model.Preference{ @@ -191,10 +190,6 @@ func (a *App) GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.redirect_uri.app_error", nil, "", http.StatusBadRequest) } - if code != utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) { - return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest) - } - if result := <-a.Srv.Store.User().Get(authData.UserId); result.Err != nil { return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal_user.app_error", nil, "", http.StatusNotFound) } else { |