From f94b807f3973d824d8512c94e2a49b510005e56f Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Wed, 4 Oct 2017 11:05:36 -0400 Subject: PLT-7782 Fix for OAuth (#7566) * Fix for oauth * Fix test --- app/oauth.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'app/oauth.go') diff --git a/app/oauth.go b/app/oauth.go index be0535f35..6e411138b 100644 --- a/app/oauth.go +++ b/app/oauth.go @@ -6,7 +6,6 @@ package app import ( "bytes" b64 "encoding/base64" - "fmt" "io" "io/ioutil" "net/http" @@ -133,7 +132,7 @@ func (a *App) AllowOAuthAppAccessToUser(userId string, authRequest *model.Author } authData := &model.AuthData{UserId: userId, ClientId: authRequest.ClientId, CreateAt: model.GetMillis(), RedirectUri: authRequest.RedirectUri, State: authRequest.State, Scope: authRequest.Scope} - authData.Code = utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", authRequest.ClientId, authRequest.RedirectUri, authData.CreateAt, userId)) + authData.Code = model.NewId() + model.NewId() // this saves the OAuth2 app as authorized authorizedApp := model.Preference{ @@ -191,10 +190,6 @@ func (a *App) GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.redirect_uri.app_error", nil, "", http.StatusBadRequest) } - if code != utils.HashSha256(fmt.Sprintf("%v:%v:%v:%v", clientId, redirectUri, authData.CreateAt, authData.UserId)) { - return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.expired_code.app_error", nil, "", http.StatusBadRequest) - } - if result := <-a.Srv.Store.User().Get(authData.UserId); result.Err != nil { return nil, model.NewAppError("GetOAuthAccessToken", "api.oauth.get_access_token.internal_user.app_error", nil, "", http.StatusNotFound) } else { -- cgit v1.2.3-1-g7c22