authorenahum <nahumhbl@gmail.com>2016-08-30 14:40:30 -0300
committerJoram Wilander <jwawilander@gmail.com>2016-08-30 13:40:30 -0400
commit18808faead1b7bcdf27dab06e2ffcda1f0680979 (patch)
tree6a657befe66874598305bad2850c4a62c63e1764 /api/oauth.go
parent6c8746dbdc01e5f2b79152e2e495e914c5a9743d (diff)
PLT-3994 Fix OAuth2: Properly handle allowing an app fails (#3888)
* PLT-3994 Fix OAuth2: Properly handle allowing an app fails * Remove Content-Type from allowOAuth
Diffstat (limited to 'api/oauth.go')
-rw-r--r--api/oauth.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/api/oauth.go b/api/oauth.go
index d2a6dd9d4..d3495895f 100644
--- a/api/oauth.go
+++ b/api/oauth.go
@@ -152,24 +152,26 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("attempt")
- w.Header().Set("Content-Type", "application/x-www-form-urlencoded")
responseData := map[string]string{}
responseType := r.URL.Query().Get("response_type")
if len(responseType) == 0 {
c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_response.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
clientId := r.URL.Query().Get("client_id")
if len(clientId) != 26 {
c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_client.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
redirectUri := r.URL.Query().Get("redirect_uri")
if len(redirectUri) == 0 {
c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
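Review bot: The three parameter checks in this hunk (`response_type`, `client_id`, `redirect_uri`) now return 400 but still write no failure entry to the audit trail. Only `c.LogAudit("attempt")` runs before them, whereas the redirect-mismatch branch in the second hunk logs `fail - redirect_uri did not match registered callback`. Malformed authorization requests are worth seeing in the audit log, so each branch could add a line such as `c.LogAudit("fail - missing response_type")` before setting `c.Err`, unless the error handling outside this hunk already audits `c.Err`. The line `c.Err.StatusCode = http.StatusBadRequest` is also repeated in all four branches across the first two hunks; a small helper that builds the error with its status would keep them from drifting. allowOAuth starts above this hunk and continues below it.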
@@ -191,6 +193,7 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
if !app.IsValidRedirectURL(redirectUri) {
c.LogAudit("fail - redirect_uri did not match registered callback")
c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.redirect_callback.app_error", nil, "")
+ c.Err.StatusCode = http.StatusBadRequest
return
}
@@ -226,7 +229,6 @@ func allowOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
c.LogAudit("success")
responseData["redirect"] = redirectUri + "?code=" + url.QueryEscape(authData.Code) + "&state=" + url.QueryEscape(authData.State)
- w.Header().Set("Content-Type", "application/json")
w.Write([]byte(model.MapToJson(responseData)))
}
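Review bot: The `responseData["redirect"]` line builds the redirect by appending `"?code="` to `redirectUri`, so a registered callback that already has a query string or a fragment yields a URL with a second `?` or with the parameters placed after the `#`. The client may then never receive `code` and `state` as separate query parameters. Parsing the URI and setting the parameters through its query values avoids that; the sketch below uses a new local `parseErr` because the function's existing error variables are declared outside this hunk. Separately, with the explicit `application/json` header removed here, it is worth confirming that the surrounding handler sets Content-Type, since otherwise net/http sniffs the type from the body.

```go
// … unchanged: c.LogAudit("success") …
redirectURL, parseErr := url.Parse(redirectUri)
if parseErr != nil {
	c.Err = model.NewLocAppError("allowOAuth", "api.oauth.allow_oauth.bad_redirect.app_error", nil, parseErr.Error())
	c.Err.StatusCode = http.StatusBadRequest
	return
}
query := redirectURL.Query()
query.Set("code", authData.Code)
query.Set("state", authData.State)
redirectURL.RawQuery = query.Encode()
responseData["redirect"] = redirectURL.String()
// … unchanged: w.Write of the JSON body …
```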