
Commit7b7ba23

committed
Allow fetching app with query param and form value
1 parent9d89e20 commit7b7ba23


1 file changed

+43
-3
lines changed

1 file changed

+43
-3
lines changed

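--- a/coderd/httpmw/oauth2.go
+++ b/coderd/httpmw/oauth2.go
@@ -6,6 +6,8 @@ import (
 "net/http"
 "reflect"
 
+"github.com/go-chi/chi/v5"
+"github.com/google/uuid"
 "golang.org/x/oauth2"
 
 "github.com/coder/coder/v2/coderd/database"
@@ -194,9 +196,47 @@ func ExtractOAuth2ProviderApp(db database.Store) func(http.Handler) http.Handler
 returnfunc(next http.Handler) http.Handler {
 returnhttp.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {
 ctx:=r.Context()
-appID,ok:=ParseUUIDParam(rw,r,"app")
-if!ok {
-return
+
+// App can come from a URL param, query param, or form value.
+paramID:="app"
+varappID uuid.UUID
+ifchi.URLParam(r,paramID)!="" {
+varokbool
+appID,ok=ParseUUIDParam(rw,r,"app")
+if!ok {
+return
+}
+}else {
+// If not provided by the url, then it is provided according to the
+// oauth 2 spec. This can occur with query params, or in the body as form
+// parameters.
+// This also depends on if you are doing a POST (tokens) or GET (authorize).
+
+// This can also be sent as a query param for oauth exchanging.
+// According to the oauth2 spec.
+paramAppID:=r.URL.Query().Get("client_id")
+ifparamAppID=="" {
+// Check the form params!
+ifr.ParseForm()==nil {
+paramAppID=r.Form.Get("client_id")
+}
+}
+ifparamAppID=="" {
+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{
+Message:"Missing OAuth2 client ID.",
+})
+return
+}
+
+varerrerror
+appID,err=uuid.Parse(paramAppID)
+iferr!=nil {
+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{
+Message:"Invalid OAuth2 client ID.",
+Detail:err.Error(),
+})
+return
+}
 }
 
 app,err:=db.GetOAuth2ProviderAppByID(ctx,appID)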
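Review bot: In the `else` branch, `client_id` is read from the query string first and from the body only as a fallback, and the `r.ParseForm()` error is discarded, so a request carrying different `client_id` values in the query and the form resolves to the query value here, while any later code that reads `r.Form` or `r.PostForm` would see the body value (downstream handlers are not visible in this hunk, so confirm which they use). RFC 6749 sections 3.1 and 3.2 say request parameters must not be included more than once; parsing the form once and rejecting a repeated `client_id` removes any ambiguity about which app the client credentials are later checked against. A malformed body is currently reported as "Missing OAuth2 client ID.", which hides the real cause from the caller and from logs. The sketch below is stricter than the current behaviour (it also rejects an identical value sent twice), so relax it to a differs-only check if existing clients duplicate the parameter; the handler closure continues past the end of the hunk.

```go
// … unchanged: URL-param branch via ParseUUIDParam …
} else {
	// ParseForm merges the query string and, for POST/PUT/PATCH, the body into r.Form.
	if err := r.ParseForm(); err != nil {
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
			Message: "Invalid OAuth2 request parameters.",
			Detail:  err.Error(),
		})
		return
	}
	// RFC 6749: request parameters must not be included more than once.
	ids := r.Form["client_id"]
	if len(ids) > 1 {
		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
			Message: "Multiple OAuth2 client IDs provided.",
		})
		return
	}
	var paramAppID string
	if len(ids) == 1 {
		paramAppID = ids[0]
	}
	// … unchanged: empty-value check and uuid.Parse …
```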
