src/applications/oauthserver/PhabricatorOAuthServer.php
Show First 20 Lines • Show All 250 Lines • ▼ Show 20 Lines | public function validateSecondaryRedirectURI( | ||||
// Both URIs must have the same port | // Both URIs must have the same port | ||||
if ($secondary_uri->getPort() != $primary_uri->getPort()) { | if ($secondary_uri->getPort() != $primary_uri->getPort()) { | ||||
return false; | return false; | ||||
} | } | ||||
// Any query parameters present in the first URI must be exactly present | // Any query parameters present in the first URI must be exactly present | ||||
// in the second URI. | // in the second URI. | ||||
$need_params = $primary_uri->getQueryParams(); | $need_params = $primary_uri->getQueryParamsAsMap(); | ||||
$have_params = $secondary_uri->getQueryParams(); | $have_params = $secondary_uri->getQueryParamsAsMap(); | ||||
epriestley: Created an OAuth server for `http://example.com/?v=1&v=1`, hit `/oauthserver/auth/?client_id=... | |||||
foreach ($need_params as $key => $value) { | foreach ($need_params as $key => $value) { | ||||
if (!array_key_exists($key, $have_params)) { | if (!array_key_exists($key, $have_params)) { | ||||
return false; | return false; | ||||
} | } | ||||
if ((string)$have_params[$key] != (string)$value) { | if ((string)$have_params[$key] != (string)$value) { | ||||
return false; | return false; | ||||
} | } | ||||
} | } | ||||
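Review bot: The value check `if ((string)$have_params[$key] != (string)$value)` uses PHP's loose `!=`, which compares two numeric strings as numbers, so a secondary redirect URI carrying `v=1.0` would satisfy a registered `v=1` even though the comment above the lookup says parameters must be "exactly present". Both sides are already cast to string, so switching to `!==` makes the match byte-exact without changing behaviour for non-numeric values. Separately, the two lines changed to `getQueryParamsAsMap()` cannot represent a repeated key such as `v=1&v=1` as a map; going by the inline comment, that case surfaces only as a generic redirect URI mismatch, so a dedicated message for duplicate keys would make it easier to diagnose.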
Created an OAuth server for `http://example.com/?v=1&v=1`, hit `/oauthserver/auth/?client_id=...&response_type=code&redirect_uri=http://example.com/?v=1`, got a validation exception.
This error is very slightly opaque (it doesn't tell you what's wrong explicitly, just that the provided redirect URI does not match the specified redirect URI) but extremely hard to hit.