Commit 089e5ec
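--- a/app/controllers/oauths_controller.rb
+++ b/app/controllers/oauths_controller.rb
@@ -6,19 +6,15 @@ class OauthsController < ApplicationController
 def show
 @client = Client.find_by!(uuid: params[:client_id])
-if @client.redirect_uri != params[:redirect_uri]
-return redirect_to @client.redirect_url(
-error: :invalid_request,
-state: params[:state]
-)
-end
+return redirect_to @client.redirect_url(
+error: :invalid_request,
+state: params[:state]
+) unless @client.valid_redirect_uri?(params[:redirect_uri])
-unless VALID_RESPONSE_TYPES.include?(params[:response_type])
-return redirect_to @client.redirect_url(
-error: :unsupported_response_type,
-state: params[:state]
-)
-end
+return redirect_to @client.redirect_url(
+error: :unsupported_response_type,
+state: params[:state]
+) unless @client.valid_response_type?(params[:response_type])
 session[:oauth] = {
 client_id: params[:client_id],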
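Review bot: The two `unless` guards now trail four-line `return redirect_to @client.redirect_url(...)` calls, so the condition that decides the early return sits after the closing `)` at the bottom of each statement; RuboCop flags this shape as Style/MultilineIfModifier, and a reader scanning `show` first sees two unconditional-looking returns. Both guards build the same `redirect_url(error: ..., state: params[:state])`, so a private `error_redirect(error)` helper lets each guard fit on one line with the predicate visible up front. Separately, on a redirect_uri mismatch the handler still sends the user agent to what appears to be the client's registered URL (`@client.redirect_url`, inferred from the name) with `error=invalid_request`; RFC 6749 §4.1.2.1 says the server must not redirect to the invalid URI and should inform the resource owner, so redirecting to the registered one avoids the open-redirect hazard but the resource owner never sees the error — pre-existing, and untouched by this commit. The rest of `show` (the `session[:oauth]` hash) continues outside the hunk.
```ruby
# private helper (add under `private`); keeps each guard's condition on one line
def error_redirect(error)
  redirect_to @client.redirect_url(error: error, state: params[:state])
end

def show
  @client = Client.find_by!(uuid: params[:client_id])
  return error_redirect(:invalid_request) unless @client.valid_redirect_uri?(params[:redirect_uri])
  return error_redirect(:unsupported_response_type) unless @client.valid_response_type?(params[:response_type])
  # … unchanged: session[:oauth] assignment …
```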
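--- a/app/models/client.rb
+++ b/app/models/client.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 class Client < ApplicationRecord
+RESPONSE_TYPES = %w[code token].freeze
 audited
 has_secure_token :secret
 has_many :authorizations
@@ -27,6 +28,14 @@ class Client < ApplicationRecord
 uuid
 end
+def valid_redirect_uri?(redirect_uri)
+self.redirect_uri == redirect_uri
+end
+
+def valid_response_type?(response_type)
+RESPONSE_TYPES.include?(response_type)
+end
+
 def redirect_url_for(user, response_type, state)
 authorization = authorizations.create!(user: user)
 if response_type == 'code'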
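Review bot: `valid_redirect_uri?` compares `self.redirect_uri == redirect_uri`, which is true when both sides are nil, so a client row with no registered redirect_uri (if the column is nullable — not visible here) would accept a request that omits the parameter and the controller would continue with a nil target; `self.redirect_uri.present? && self.redirect_uri == redirect_uri` closes that. The exact string comparison itself is the right check — RFC 6749 §3.1.2.3 and the OAuth 2.0 Security BCP call for exact matching rather than prefix or host matching — and it deserves a comment saying so, e.g. `# Exact match only: prefix/host matching lets an attacker-controlled path receive the code.`, so a later "convenience" relaxation is recognised as a security change. The parameter name `redirect_uri` shadows the attribute reader and forces the `self.` prefix; `requested_uri` would read more clearly. `RESPONSE_TYPES` still permits `token` (the implicit grant), which the Security BCP discourages for new deployments — worth a one-line comment next to the constant if it is kept deliberately. `redirect_url_for` continues past the end of the hunk.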