Bug 1597933 - improve OAuth2 params parsing.

1 files changed, 7 insertions, 15 deletions

diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index dcbfb428f..8feee0e94 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -15,15 +15,6 @@ Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource:///modules/gloda/log4moz.js");
 
-function parseURLData(aData) {
-  let result = {};
-  aData.split(/[?#]/, 2)[1].split("&").forEach(function (aParam) {
-    let [key, value] = aParam.split("=");
-    result[key] = decodeURIComponent(value);
-  });
-  return result;
-}
-
 // Only allow one connecting window per endpoint.
 var gConnecting = {};
 
@@ -169,13 +160,14 @@ OAuth2.prototype = {
         delete this._browserRequest;
     },
 
-    onAuthorizationReceived: function(aData) {
-        this.log.info("authorization received" + aData);
-        let results = parseURLData(aData);
-        if (results.code) {
-            this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
+  // @see RFC 6749 section 4.1.2: Authorization Response
+  onAuthorizationReceived(aURL) {
+    this.log.info("OAuth2 authorization received: url=" + aURL);
+    let params = new URLSearchParams(aURL.split("?", 2)[1]);
+    if (params.has("code")) {
+      this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION);
         } else {
-          this.onAuthorizationFailed(null, aData);
+          this.onAuthorizationFailed(null, aURL);
         }
     },