Ailur
/
burgerauth
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Accidentally put redirect uri check before scanning it in

This commit is contained in:
Tracker-Friendly 2024-05-16 19:12:25 +01:00
parent 52dcc8c282
commit fb0a298ae3
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
main.go
View File

@ -807,16 +807,6 @@ func main() {
var appidcheck, rdiruricheck string var appidcheck, rdiruricheck string
if !(rdiruricheck == redirect_uri) {
c.String(401, "Redirect URI does not match")
return
}
if deny == "true" {
c.Redirect(302, redirect_uri+"?error=access_denied&state="+state)
return
}
err := conn.QueryRow("SELECT appId, rdiruri FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&appidcheck, &rdiruricheck) err := conn.QueryRow("SELECT appId, rdiruri FROM oauth WHERE appId = ? LIMIT 1", appId).Scan(&appidcheck, &rdiruricheck)
if err != nil { if err != nil {
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
@ -828,6 +818,17 @@ func main() {
return return
} }
if !(rdiruricheck == redirect_uri) {
c.String(401, "Redirect URI does not match")
return
}
if deny == "true" {
c.Redirect(302, redirect_uri+"?error=access_denied&state="+state)
return
}
if !(appidcheck == appId) { if !(appidcheck == appId) {
fmt.Println(appidcheck, appId) fmt.Println(appidcheck, appId)
c.String(401, "OAuth screening failed") c.String(401, "OAuth screening failed")