From 840892ab887680935df516f6942eb3563b7bf96b Mon Sep 17 00:00:00 2001
From: JoramWilander
Date: Wed, 7 Feb 2018 16:21:22 -0500
Subject: Increase OAuth2 state parameter limit
---
 model/authorize.go | 2 +-
 model/authorize_test.go | 2 +-
 store/sqlstore/oauth_store.go | 2 +-
 store/sqlstore/upgrade.go | 1 +
 4 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/model/authorize.go b/model/authorize.go
index 2296e7e22..9fd5afa70 100644
--- a/model/authorize.go
+++ b/model/authorize.go
@@ -62,7 +62,7 @@ func (ad *AuthData) IsValid() *AppError {
 return NewAppError("AuthData.IsValid", "model.authorize.is_valid.redirect_uri.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
 }
- if len(ad.State) > 128 {
+ if len(ad.State) > 1024 {
 return NewAppError("AuthData.IsValid", "model.authorize.is_valid.state.app_error", nil, "client_id="+ad.ClientId, http.StatusBadRequest)
 }
diff --git a/model/authorize_test.go b/model/authorize_test.go
index 3f43a4fc3..81e059305 100644
--- a/model/authorize_test.go
+++ b/model/authorize_test.go
@@ -115,7 +115,7 @@ func TestAuthIsValid(t *testing.T) {
 t.Fatal(err)
 }
- ad.Scope = NewRandomString(129)
+ ad.Scope = NewRandomString(1025)
 if err := ad.IsValid(); err == nil {
 t.Fatal("Should have failed invalid Scope")
 }
diff --git a/store/sqlstore/oauth_store.go b/store/sqlstore/oauth_store.go
index 30a44b75f..0a9bd8266 100644
--- a/store/sqlstore/oauth_store.go
+++ b/store/sqlstore/oauth_store.go
@@ -35,7 +35,7 @@ func NewSqlOAuthStore(sqlStore SqlStore) store.OAuthStore {
 tableAuth.ColMap("ClientId").SetMaxSize(26)
 tableAuth.ColMap("Code").SetMaxSize(128)
 tableAuth.ColMap("RedirectUri").SetMaxSize(256)
- tableAuth.ColMap("State").SetMaxSize(128)
+ tableAuth.ColMap("State").SetMaxSize(1024)
 tableAuth.ColMap("Scope").SetMaxSize(128)
 tableAccess := db.AddTableWithName(model.AccessData{}, "OAuthAccessData").SetKeys(false, "Token")
diff --git a/store/sqlstore/upgrade.go b/store/sqlstore/upgrade.go
index 0de91f28b..7c1522f25 100644
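Review bot: The new bound in `AuthData.IsValid` is a bare `1024` that has to stay equal to the column width set in store/sqlstore/oauth_store.go and to the `varchar(1024)` in the upgrade.go migration, and nothing in the code ties the three together. A named constant in the model package, for example `const AuthDataStateMaxSize = 1024` used as `if len(ad.State) > AuthDataStateMaxSize {`, would make the coupling visible at the validation site. `len` counts bytes, so on a database where varchar(n) counts characters this check is at least as strict as the column; a short comment such as `// len counts bytes, so this never admits more than the State column can hold` would record that. The message behind `model.authorize.is_valid.state.app_error` is not part of this diff and may still quote the old limit. IsValid's body starts and ends outside the hunk.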
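Review bot: The line changed in `TestAuthIsValid` assigns `ad.Scope`, not `ad.State`, and the failure message still says "invalid Scope", so the raised State limit is not exercised by this hunk. It also weakens the Scope test: the oauth_store.go hunk keeps the Scope column at 128, and a 1025-byte value no longer pins the 129 boundary. I would restore `ad.Scope = NewRandomString(129)` and add a State pair once Scope is valid again: `ad.State = NewRandomString(1025)` expecting an error, then a 1024-byte State expecting none. The rest of the test is outside the hunk, so a State case may already exist out of view.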
--- a/store/sqlstore/upgrade.go
+++ b/store/sqlstore/upgrade.go
@@ -343,6 +343,7 @@ func UpgradeDatabaseToVersion46(sqlStore SqlStore) {
 func UpgradeDatabaseToVersion47(sqlStore SqlStore) {
 if shouldPerformUpgrade(sqlStore, VERSION_4_6_0, VERSION_4_7_0) {
 sqlStore.AlterColumnTypeIfExists("Users", "Position", "varchar(128)", "varchar(128)")
+ sqlStore.AlterColumnTypeIfExists("OAuthAuthData", "State", "varchar(1024)", "varchar(1024)")
 saveSchemaVersion(sqlStore, VERSION_4_7_0)
 }
 }
--
cgit v1.2.3-1-g7c22
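Review bot: The widening of `OAuthAuthData.State` runs only inside the `VERSION_4_6_0` to `VERSION_4_7_0` gate in `UpgradeDatabaseToVersion47`, and the result of `AlterColumnTypeIfExists` is not inspected before `saveSchemaVersion`. A database already stamped 4.7.0, or one where the alter does not take effect, would keep the old 128-wide column while `AuthData.IsValid` accepts up to 1024 bytes. A long state would then be rejected at insert or, on a database that truncates silently, stored in a form that no longer matches what the client sent, which breaks the client's state check on the callback. It is worth confirming that no build stamped 4.7.0 went out before this change, and adding a comment above the new call such as `// Must match the State limit in model.AuthData.IsValid and the ColMap size in NewSqlOAuthStore.` What `AlterColumnTypeIfExists` does on failure is defined outside this hunk.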