MM-15835: correct errors and content types for oauth api calls (#10999)

* MM-15835: correct errors and content types for oauth api calls

* Addressing PR review comments
Jesús Espino
2019-05-30 19:23:26 +02:00
committed by Joram Wilander
parent ae6fed827a
commit 4de81fa94c
3 changed files with 18 additions and 3 deletions


@@ -246,7 +246,7 @@ func (a *App) GetOAuthAccessTokenForCodeFlow(clientId, grantType, redirectUri, c
var authData *model.AuthData
result := <-a.Srv.Store.OAuth().GetAuthData(code)
if result.Err != nil {
return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusInternalServerError)
return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest)
}
authData = result.Data.(*model.AuthData)
@@ -267,7 +267,7 @@ func (a *App) GetOAuthAccessTokenForCodeFlow(clientId, grantType, redirectUri, c
result = <-a.Srv.Store.OAuth().GetPreviousAccessData(user.Id, clientId)
if result.Err != nil {
return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal.app_error", nil, "", http.StatusInternalServerError)
return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal.app_error", nil, "", http.StatusBadRequest)
}
if result.Data != nil {
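Review bot: In the second hunk, a failed `GetPreviousAccessData` lookup now returns `http.StatusBadRequest` while keeping the id `api.oauth.get_access_token.internal.app_error`, so a store-side failure is reported to the client as its own mistake and drops out of 5xx monitoring. Unless the store returns an error only for client-caused conditions (not visible here), that branch should stay `http.StatusInternalServerError`. The first hunk has a related problem: every `GetAuthData` error, including a database failure, is reported as an expired code. Both branches also discard `result.Err`; logging it server-side before returning would preserve the cause without putting it in the response. The body of `GetOAuthAccessTokenForCodeFlow` starts and ends outside these hunks.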


@@ -195,7 +195,7 @@ func (h Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
c.Err.IsOAuth = false
}
if IsApiCall(c.App, r) || IsWebhookCall(c.App, r) || len(r.Header.Get("X-Mobile-App")) > 0 {
if IsApiCall(c.App, r) || IsWebhookCall(c.App, r) || IsOAuthApiCall(c.App, r) || len(r.Header.Get("X-Mobile-App")) > 0 {
w.WriteHeader(c.Err.StatusCode)
w.Write([]byte(c.Err.ToJson()))
} else {


@@ -86,6 +86,21 @@ func IsWebhookCall(a *app.App, r *http.Request) bool {
return strings.HasPrefix(r.URL.Path, path.Join(subpath, "hooks")+"/")
}
func IsOAuthApiCall(config configservice.ConfigService, r *http.Request) bool {
subpath, _ := utils.GetSubpathFromConfig(config.Config())
if r.Method == "POST" && r.URL.Path == path.Join(subpath, "oauth", "authorize") {
return true
}
if r.URL.Path == path.Join(subpath, "oauth", "apps", "authorized") ||
r.URL.Path == path.Join(subpath, "oauth", "deauthorize") ||
r.URL.Path == path.Join(subpath, "oauth", "access_token") {
return true
}
return false
}
func ReturnStatusOK(w http.ResponseWriter) {
m := make(map[string]string)
m[model.STATUS] = model.STATUS_OK
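Review bot: `IsOAuthApiCall` is exported but undocumented, and it hard-codes four exact paths that have to stay in step with the router. If a route is added or renamed, or the router accepts a trailing slash (not visible here), the request silently falls back to the non-JSON error branch in `ServeHTTP`. A doc comment should say why `authorize` counts only for POST while the other three match any method, for example `// IsOAuthApiCall reports whether r targets an OAuth endpoint whose errors must be returned as JSON; GET /oauth/authorize is excluded.` The method literal reads better as `r.Method == http.MethodPost`. The discarded error in `subpath, _ := utils.GetSubpathFromConfig(config.Config())` deserves a short comment stating what `subpath` falls back to on failure.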