diff options
author | Gaming4JC <g4jc@hyperbola.info> | 2019-12-30 09:49:29 -0500 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-11 13:43:24 +0100 |
commit | c33ae6a656453e960a10f815b6d5d9632a21a293 (patch) | |
tree | 8ac156c990e4dacdf5119a6598006173434c7cd9 | |
parent | 135098e06425cf20b60dcdd23c8af8d67aa69385 (diff) | |
download | UXP-c33ae6a656453e960a10f815b6d5d9632a21a293.tar UXP-c33ae6a656453e960a10f815b6d5d9632a21a293.tar.gz UXP-c33ae6a656453e960a10f815b6d5d9632a21a293.tar.lz UXP-c33ae6a656453e960a10f815b6d5d9632a21a293.tar.xz UXP-c33ae6a656453e960a10f815b6d5d9632a21a293.zip |
Bug 1597933 - improve OAuth2 params parsing.
-rw-r--r-- | mailnews/base/util/OAuth2.jsm | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm index dcbfb428f..8feee0e94 100644 --- a/mailnews/base/util/OAuth2.jsm +++ b/mailnews/base/util/OAuth2.jsm @@ -15,15 +15,6 @@ Cu.import("resource://gre/modules/Services.jsm"); Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource:///modules/gloda/log4moz.js"); -function parseURLData(aData) { - let result = {}; - aData.split(/[?#]/, 2)[1].split("&").forEach(function (aParam) { - let [key, value] = aParam.split("="); - result[key] = decodeURIComponent(value); - }); - return result; -} - // Only allow one connecting window per endpoint. var gConnecting = {}; @@ -169,13 +160,14 @@ OAuth2.prototype = { delete this._browserRequest; }, - onAuthorizationReceived: function(aData) { - this.log.info("authorization received" + aData); - let results = parseURLData(aData); - if (results.code) { - this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION); + // @see RFC 6749 section 4.1.2: Authorization Response + onAuthorizationReceived(aURL) { + this.log.info("OAuth2 authorization received: url=" + aURL); + let params = new URLSearchParams(aURL.split("?", 2)[1]); + if (params.has("code")) { + this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION); } else { - this.onAuthorizationFailed(null, aData); + this.onAuthorizationFailed(null, aURL); } }, |