diff options
Diffstat (limited to 'app/oauth.go')
-rw-r--r-- | app/oauth.go | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/app/oauth.go b/app/oauth.go index be0535f35..6e411138b 100644 --- a/app/oauth.go +++ b/app/oauth.go @@ -6,7 +6,6 @@ package app import ( "bytes" b64 "encoding/base64" - "fmt" "io" "io/ioutil" "net/http" @@ -133,7 +132,7 @@ func (a *App) AllowOAuthAppAccessToUser(userId string, authRequest *model.Author } authData := &model.AuthData{UserId: userId, ClientId: authRequest.ClientId, CreateAt: model.GetMillis(), RedirectUri: authRequest.RedirectUri, State: authRequest.State, Scope: authRequest.Scope} - authData.Code = utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId)) + authData.Code = model.NewId() + model.NewId() // this saves the OAuth2 app as authorized authorizedApp := model.Preference{ @@ -191,10 +190,6 @@ func (a *App) GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.redirect_uri.app_error", nil, "", http.StatusBadRequest) } - if code != utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) { - return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest) - } - if result := <-a.Srv.Store.User().Get(authData.UserId); result.Err != nil { return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal_user.app_error", nil, "", http.StatusNotFound) } else { |