Fail if the response type is not properly set

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-16 11:24:48 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2018-05-22 09:24:17 +0200
commit: 4e3aef22a1eed62fda16b4d48df34fd45a85309e (patch)
tree: 36dc14124e9671794514e7564a589a2018066f20 /apps/oauth2/lib
parent: 49795d2006591617fee7a5f561fdabb860c71c8f (diff)
download: nextcloud-server-4e3aef22a1eed62fda16b4d48df34fd45a85309e.tar.gz
nextcloud-server-4e3aef22a1eed62fda16b4d48df34fd45a85309e.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 9237b4b1b3c..8e6d6d55e2d 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -61,11 +61,20 @@ class LoginRedirectorController extends Controller {
 	 *
 	 * @param string $client_id
 	 * @param string $state
+	 * @param string $response_type
 	 * @return RedirectResponse
 	 */
 	public function authorize($client_id,
-							  $state) {
+							  $state,
+							  $response_type) {
 		$client = $this->clientMapper->getByIdentifier($client_id);
+
+		if ($response_type !== 'code') {
+			//Fail
+			$url = $client->getRedirectUri() . '?error=unsupported_response_type&state=' . $state;
+			return new RedirectResponse($url);
+		}
+
 		$this->session->set('oauth.state', $state);
 
 		$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
author	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-16 11:24:48 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2018-05-22 09:24:17 +0200
commit	4e3aef22a1eed62fda16b4d48df34fd45a85309e (patch)
tree	36dc14124e9671794514e7564a589a2018066f20 /apps/oauth2/lib
parent	49795d2006591617fee7a5f561fdabb860c71c8f (diff)
download	nextcloud-server-4e3aef22a1eed62fda16b4d48df34fd45a85309e.tar.gz nextcloud-server-4e3aef22a1eed62fda16b4d48df34fd45a85309e.zip