From c33ae6a656453e960a10f815b6d5d9632a21a293 Mon Sep 17 00:00:00 2001
From: Gaming4JC <g4jc@hyperbola.info>
Date: Mon, 30 Dec 2019 09:49:29 -0500
Subject: Bug 1597933 - improve OAuth2 params parsing.

---
 mailnews/base/util/OAuth2.jsm | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

(limited to 'mailnews/base/util')

diff --git a/mailnews/base/util/OAuth2.jsm b/mailnews/base/util/OAuth2.jsm
index dcbfb428f..8feee0e94 100644
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -15,15 +15,6 @@ Cu.import("resource://gre/modules/Services.jsm");
 Cu.import("resource://gre/modules/XPCOMUtils.jsm");
 Cu.import("resource:///modules/gloda/log4moz.js");
 
-function parseURLData(aData) {
-  let result = {};
-  aData.split(/[?#]/, 2)[1].split("&").forEach(function (aParam) {
-    let [key, value] = aParam.split("=");
-    result[key] = decodeURIComponent(value);
-  });
-  return result;
-}
-
 // Only allow one connecting window per endpoint.
 var gConnecting = {};
 
@@ -169,13 +160,14 @@ OAuth2.prototype = {
         delete this._browserRequest;
     },
 
-    onAuthorizationReceived: function(aData) {
-        this.log.info("authorization received" + aData);
-        let results = parseURLData(aData);
-        if (results.code) {
-            this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
+  // @see RFC 6749 section 4.1.2: Authorization Response
+  onAuthorizationReceived(aURL) {
+    this.log.info("OAuth2 authorization received: url=" + aURL);
+    let params = new URLSearchParams(aURL.split("?", 2)[1]);
+    if (params.has("code")) {
+      this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION);
         } else {
-          this.onAuthorizationFailed(null, aData);
+          this.onAuthorizationFailed(null, aURL);
         }
     },
 
-- 
cgit v1.2.3