Strip query from redirect_uris

master
Garrett Mills 3 years ago
parent 9b18e3c8a9
commit 5874653960
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246

@ -49,9 +49,13 @@ class Oauth2 extends Controller {
const uris = Array.isArray(req.query.redirect_uri) ? req.query.redirect_uri : [req.query.redirect_uri]
for ( const uri of uris ) {
const uri_instance = new URL(uri)
uri_instance.search = ''
const stripped_uri = uri_instance.toString()
const client = await Client.findOne({clientID: client_id})
if ( !client ) continue
if ( !client.redirectUris.includes(uri) ) continue
if ( !client.redirectUris.includes(stripped_uri) ) continue
return client
}

@ -1,6 +1,6 @@
{
"name": "flitter-auth",
"version": "0.19.5",
"version": "0.19.6",
"description": "Auth framework for Flitter.",
"main": "index.js",
"repository": {

Loading…
Cancel
Save