diff options
| author | Joram Wilander <jwawilander@gmail.com> | 2018-07-27 17:35:43 -0400 |
|---|---|---|
| committer | Elias Nahum <nahumhbl@gmail.com> | 2018-07-27 17:35:43 -0400 |
| commit | 6ac82d5171769bf8d543cb6c017d29c0a4c81621 (patch) | |
| tree | 945a5d1511b1eb4048bfaa4ea59777886713d797 /api4/oauth.go | |
| parent | 441c8741c1738e93258b861d92e4f7293203918a (diff) | |
| download | chat-6ac82d5171769bf8d543cb6c017d29c0a4c81621.tar.gz chat-6ac82d5171769bf8d543cb6c017d29c0a4c81621.tar.bz2 chat-6ac82d5171769bf8d543cb6c017d29c0a4c81621.zip | |
Implement OAuth2 implicit grant flow (#9178)
Diffstat (limited to 'api4/oauth.go')
| -rw-r--r-- | api4/oauth.go | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/api4/oauth.go b/api4/oauth.go index b858267ee..ab4b1bfcf 100644 --- a/api4/oauth.go +++ b/api4/oauth.go @@ -278,6 +278,12 @@ func authorizeOAuthApp(c *Context, w http.ResponseWriter, r *http.Request) { return } + if c.Session.IsOAuth { + c.SetPermissionError(model.PERMISSION_EDIT_OTHER_USERS) + c.Err.DetailedError += ", attempted access by oauth app" + return + } + c.LogAudit("attempt") redirectUrl, err := c.App.AllowOAuthAppAccessToUser(c.Session.UserId, authRequest) @@ -358,7 +364,6 @@ func authorizeOAuthPage(c *Context, w http.ResponseWriter, r *http.Request) { // Automatically allow if the app is trusted if oauthApp.IsTrusted || isAuthorized { - authRequest.ResponseType = model.AUTHCODE_RESPONSE_TYPE redirectUrl, err := c.App.AllowOAuthAppAccessToUser(c.Session.UserId, authRequest) if err != nil { @@ -418,7 +423,7 @@ func getAccessToken(c *Context, w http.ResponseWriter, r *http.Request) { c.LogAudit("attempt") - accessRsp, err := c.App.GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret, refreshToken) + accessRsp, err := c.App.GetOAuthAccessTokenForCodeFlow(clientId, grantType, redirectUri, code, secret, refreshToken) if err != nil { c.Err = err return |