From c716638725118ed0a3fa0a3d61855b44ea6caf5f Mon Sep 17 00:00:00 2001
From: Lakhan Samani
Date: Tue, 18 Oct 2022 23:24:19 +0530
Subject: [PATCH] fix(server): revert the state & code_challenge validation

---
 server/handlers/authorize.go | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go
index 5ececd2..ba745f5 100644
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -80,10 +80,32 @@ func AuthorizeHandler() gin.HandlerFunc {
 	// used for response mode query or fragment
 	loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
 	loginURL := "/app?" + loginState
+
 	if responseMode == constants.ResponseModeFragment {
 		loginURL = "/app#" + loginState
 	}
 
+	if state == "" {
+		handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+			"type": "authorization_response",
+			"response": map[string]interface{}{
+				"error":             "state_required",
+				"error_description": "state is required",
+			},
+		}, http.StatusOK)
+		return
+	}
+
+	if responseType == constants.ResponseTypeCode && codeChallenge == "" {
+		handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+			"type": "authorization_response",
+			"response": map[string]interface{}{
+				"error":             "code_challenge_required",
+				"error_description": "code challenge is required",
+			},
+		}, http.StatusOK)
+	}
+
 	loginError := map[string]interface{}{
 		"type": "authorization_response",
 		"response": map[string]interface{}{
@@ -91,7 +113,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 			"error_description": "Login is required",
 		},
 	}
-
 	sessionToken, err := cookie.GetSession(gc)
 	if err != nil {
 		log.Debug("GetSession failed: ", err)
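Review bot: The `code_challenge_required` branch in the first hunk sends its error through handleResponse but never returns, unlike the `state_required` branch directly above it, so for a `code` request with an empty code_challenge the handler falls through into the login-required / session lookup that follows and presumably continues the authorization flow (and would try to write a second response) even though the PKCE requirement was just rejected. Add `return` after the `}, http.StatusOK)` line of that block so it mirrors the state check. Separately, the check removed from validateAuthorizeRequest in the last hunk used `strings.TrimSpace(state) == ""`, whereas the replacement here is `state == ""`, so a whitespace-only state now passes; `if strings.TrimSpace(state) == "" {` would preserve the previous strictness. AuthorizeHandler begins and ends outside the hunk.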
@@ -274,10 +295,6 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC
 		return fmt.Errorf("invalid client_id %s", clientID)
 	}
 
-	if strings.TrimSpace(state) == "" {
-		return fmt.Errorf("state is required")
-	}
-
 	return nil
 }