fix(server): revert the state & code_challenge validation

fix: make code_challenge optional
2022-10-18 23:24:19 +05:30 · 2022-10-18 23:14:24 +05:30
1 changed files with 23 additions and 10 deletions
--- a/server/handlers/authorize.go
+++ b/server/handlers/authorize.go
@@ -64,7 +64,7 @@ func AuthorizeHandler() gin.HandlerFunc {

 		if err := validateAuthorizeRequest(responseType, responseMode, clientID, state, codeChallenge); err != nil {
 			log.Debug("invalid authorization request: ", err)
-			gc.JSON(http.StatusBadRequest, gin.H{"error": err})
+			gc.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
 			return
 		}

@@ -80,10 +80,32 @@ func AuthorizeHandler() gin.HandlerFunc {
 		// used for response mode query or fragment
 		loginState := "state=" + state + "&scope=" + strings.Join(scope, " ") + "&redirect_uri=" + redirectURI
 		loginURL := "/app?" + loginState
+
 		if responseMode == constants.ResponseModeFragment {
 			loginURL = "/app#" + loginState
 		}

+		if state == "" {
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "state_required",
+					"error_description": "state is required",
+				},
+			}, http.StatusOK)
+			return
+		}
+
+		if responseType == constants.ResponseTypeCode && codeChallenge == "" {
+			handleResponse(gc, responseMode, loginURL, redirectURI, map[string]interface{}{
+				"type": "authorization_response",
+				"response": map[string]interface{}{
+					"error":             "code_challenge_required",
+					"error_description": "code challenge is required",
+				},
+			}, http.StatusOK)
+		}
+
 		loginError := map[string]interface{}{
 			"type": "authorization_response",
 			"response": map[string]interface{}{
@@ -91,7 +113,6 @@ func AuthorizeHandler() gin.HandlerFunc {
 				"error_description": "Login is required",
 			},
 		}
-
 		sessionToken, err := cookie.GetSession(gc)
 		if err != nil {
 			log.Debug("GetSession failed: ", err)
@@ -270,18 +291,10 @@ func validateAuthorizeRequest(responseType, responseMode, clientID, state, codeC
 		return fmt.Errorf("invalid response mode %s. 'query', 'fragment', 'form_post' and 'web_message' are valid response_mode", responseMode)
 	}

-	if responseType == constants.ResponseTypeCode && strings.TrimSpace(codeChallenge) == "" {
-		return fmt.Errorf("code_challenge is required for %s '%s'", responseType, constants.ResponseTypeCode)
-	}
-
 	if client, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID); client != clientID || err != nil {
 		return fmt.Errorf("invalid client_id %s", clientID)
 	}

-	if strings.TrimSpace(state) == "" {
-		return fmt.Errorf("state is required")
-	}
-
 	return nil
 }
Author	SHA1	Message	Date
Lakhan Samani	c716638725	fix(server): revert the state & code_challenge validation	2022-10-18 23:24:19 +05:30
Lakhan Samani	252cd1fa2d	fix: make code_challenge optional	2022-10-18 23:14:24 +05:30