Remove uneccesary client verification

Rui Yang 2020-01-10 14:39:08 -05:00
parent 13be146d2a
commit 0f9a74f1d0


@ -1153,7 +1153,6 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
} }
func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) { func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
// Parse the fields // Parse the fields
if err := r.ParseForm(); err != nil { if err := r.ParseForm(); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest) s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
@ -1161,38 +1160,10 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
} }
q := r.Form q := r.Form
// Get the clientID and secret from basic auth or form variables
clientID, clientSecret, ok := r.BasicAuth()
if ok {
var err error
if clientID, err = url.QueryUnescape(clientID); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "client_id improperly encoded", http.StatusBadRequest)
return
}
if clientSecret, err = url.QueryUnescape(clientSecret); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "client_secret improperly encoded", http.StatusBadRequest)
return
}
} else {
clientID = q.Get("client_id")
clientSecret = q.Get("client_secret")
}
nonce := q.Get("nonce") nonce := q.Get("nonce")
// Some clients, like the old go-oidc, provide extra whitespace. Tolerate this. // Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
scopes := strings.Fields(q.Get("scope")) scopes := strings.Fields(q.Get("scope"))
// Get the client from the database
client, err := s.storage.GetClient(clientID)
if err != nil {
if err == storage.ErrNotFound {
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Invalid client_id (%q).", clientID), http.StatusBadRequest)
return
}
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Failed to get client %v.", err), http.StatusBadRequest)
return
}
// Parse the scopes if they are passed // Parse the scopes if they are passed
var ( var (
unrecognized []string unrecognized []string
@ -1211,7 +1182,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
continue continue
} }
isTrusted, err := s.validateCrossClientTrust(clientID, peerID) isTrusted, err := s.validateCrossClientTrust(client.ID, peerID)
if err != nil { if err != nil {
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest) s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
return return
@ -1299,7 +1270,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
refresh := storage.RefreshToken{ refresh := storage.RefreshToken{
ID: storage.NewID(), ID: storage.NewID(),
Token: storage.NewID(), Token: storage.NewID(),
ClientID: clientID, ClientID: client.ID,
ConnectorID: connID, ConnectorID: connID,
Scopes: scopes, Scopes: scopes,
Claims: claims, Claims: claims,
@ -1390,7 +1361,6 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
deleteToken = true deleteToken = true
return return
} }
} }
} }
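Review bot: With the BasicAuth/form credential parsing and the s.storage.GetClient lookup removed in the second hunk (old lines 1161-1198), handlePasswordGrant now trusts the `client storage.Client` parameter entirely and issues tokens bound to client.ID (the `client.ID` uses at the cross-client trust check and the RefreshToken literal), but nothing on the function states that precondition; add a doc comment above the signature such as `// handlePasswordGrant implements the resource-owner password grant for a client the caller has already authenticated; it does not re-check client_id/client_secret and issues tokens bound to client.ID.` The removed block also translated storage.ErrNotFound into an errInvalidClient response, so that error path now has to be produced by the caller — worth confirming the caller still answers invalid_client rather than a generic error when the lookup fails. After this change url.QueryUnescape is no longer referenced in the visible hunks; if the file has no other use of the url package, that import must be dropped as well. handlePasswordGrant begins in the first hunk and its body continues past the last visible hunk.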