diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-05-16 11:24:48 +0200 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-05-22 14:51:03 +0200 |
commit | a04ea70fcaedc602fa3e8aeb77dadab5506f1786 (patch) | |
tree | 450b9bab4af6aef8e203b4d6ad3e8807f14fc3f5 /apps/oauth2/lib | |
parent | 000cf1951c9e5a7090b16df7613139c3b8313e1e (diff) | |
download | nextcloud-server-a04ea70fcaedc602fa3e8aeb77dadab5506f1786.tar.gz nextcloud-server-a04ea70fcaedc602fa3e8aeb77dadab5506f1786.zip |
Fail if the response type is not properly set
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'apps/oauth2/lib')
-rw-r--r-- | apps/oauth2/lib/Controller/LoginRedirectorController.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php index 9237b4b1b3c..8e6d6d55e2d 100644 --- a/apps/oauth2/lib/Controller/LoginRedirectorController.php +++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php @@ -61,11 +61,20 @@ class LoginRedirectorController extends Controller { * * @param string $client_id * @param string $state + * @param string $response_type * @return RedirectResponse */ public function authorize($client_id, - $state) { + $state, + $response_type) { $client = $this->clientMapper->getByIdentifier($client_id); + + if ($response_type !== 'code') { + //Fail + $url = $client->getRedirectUri() . '?error=unsupported_response_type&state=' . $state; + return new RedirectResponse($url); + } + $this->session->set('oauth.state', $state); $targetUrl = $this->urlGenerator->linkToRouteAbsolute( |