diff options
| author | Christopher Speller <crspeller@gmail.com> | 2017-04-27 10:55:03 -0400 |
|---|---|---|
| committer | Joram Wilander <jwawilander@gmail.com> | 2017-04-27 10:55:03 -0400 |
| commit | 9a87bb3af68216b53ee8f89d6604c715c7b85b2d (patch) | |
| tree | 8c06aed890f388b228f3aefb8e398309bc73c0b9 /app/oauth.go | |
| parent | 0e007e344bf10993529711f14c4168365c3504c3 (diff) | |
| download | chat-9a87bb3af68216b53ee8f89d6604c715c7b85b2d.tar.gz chat-9a87bb3af68216b53ee8f89d6604c715c7b85b2d.tar.bz2 chat-9a87bb3af68216b53ee8f89d6604c715c7b85b2d.zip | |
Creating common token store and moving email invites and verification to it (#6213)
Diffstat (limited to 'app/oauth.go')
| -rw-r--r-- | app/oauth.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/app/oauth.go b/app/oauth.go index 5bbe744d9..03e3c507b 100644 --- a/app/oauth.go +++ b/app/oauth.go @@ -109,7 +109,7 @@ func AllowOAuthAppAccessToUser(userId string, authRequest *model.AuthorizeReques } authData := &model.AuthData{UserId: userId, ClientId: authRequest.ClientId, CreateAt: model.GetMillis(), RedirectUri: authRequest.RedirectUri, State: authRequest.State, Scope: authRequest.Scope} - authData.Code = model.HashPassword(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId)) + authData.Code = utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId)) // this saves the OAuth2 app as authorized authorizedApp := model.Preference{ @@ -167,7 +167,7 @@ func GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret, refresh return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.redirect_uri.app_error", nil, "", http.StatusBadRequest) } - if !model.ComparePassword(code, fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) { + if code != utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) { return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest) } @@ -530,7 +530,7 @@ func GetAuthorizationCode(service string, props map[string]string, loginHint str endpoint := sso.AuthEndpoint scope := sso.Scope - props["hash"] = model.HashPassword(clientId) + props["hash"] = utils.HashSha256(clientId) state := b64.StdEncoding.EncodeToString([]byte(model.MapToJson(props))) redirectUri := utils.GetSiteURL() + "/signup/" + service + "/complete" @@ -563,7 +563,7 @@ func AuthorizeOAuthUser(service, code, state, redirectUri string) (io.ReadCloser stateProps := model.MapFromJson(strings.NewReader(stateStr)) - if !model.ComparePassword(stateProps["hash"], sso.Id) { + if stateProps["hash"] != utils.HashSha256(sso.Id) { return nil, "", nil, model.NewLocAppError("AuthorizeOAuthUser", "api.user.authorize_oauth_user.invalid_state.app_error", nil, "") } |