From 18808faead1b7bcdf27dab06e2ffcda1f0680979 Mon Sep 17 00:00:00 2001
From: enahum <nahumhbl@gmail.com>
Date: Tue, 30 Aug 2016 14:40:30 -0300
Subject: PLT-3994 Fix OAuth2: Properly handle allowing an app fails (#3888)

* PLT-3994 Fix OAuth2: Properly handle allowing an app fails

* Remove Content-Type from allowOAuth
---
 api/oauth.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'api/oauth.go')

diff --git a/api/oauth.go b/api/oauth.go
index d2a6dd9d4..d3495895f 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -152,24 +152,26 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 
 	c.LogAudit("attempt")
 
-	w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
 	responseData := map[string]string{}
 
 	responseType := r.URL.Query().Get("response_type")
 	if len(responseType) == 0 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_response.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
 	clientId := r.URL.Query().Get("client_id")
 	if len(clientId) != 26 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_client.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
 	redirectUri := r.URL.Query().Get("redirect_uri")
 	if len(redirectUri) == 0 {
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
@@ -191,6 +193,7 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	if !app.IsValidRedirectURL(redirectUri) {
 		c.LogAudit("fail - redirect_uri did not match registered callback")
 		c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "")
+		c.Err.StatusCode = http.StatusBadRequest
 		return
 	}
 
@@ -226,7 +229,6 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	c.LogAudit("success")
 
 	responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State)
-	w.Header().Set("Content-Type", "application/json")
 	w.Write([]byte(model.MapToJson(responseData)))
 }
 
-- 
cgit v1.2.3-1-g7c22