kopia lustrzana https://github.com/cloudflare/wildebeest
oauth: get token support code in URL
rodzic
b3f10fedc0
commit
22745197e2
|
@ -240,5 +240,25 @@ describe('Mastodon APIs', () => {
|
||||||
assert.equal(res.status, 200)
|
assert.equal(res.status, 200)
|
||||||
assertCORS(res)
|
assertCORS(res)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
test('token handles code in URL', async () => {
|
||||||
|
const db = await makeDB()
|
||||||
|
const client = await createTestClient(db, 'https://localhost')
|
||||||
|
|
||||||
|
const code = client.id + '.a'
|
||||||
|
|
||||||
|
const req = new Request('https://example.com/oauth/token?code=' + code, {
|
||||||
|
method: 'POST',
|
||||||
|
headers: {
|
||||||
|
'content-type': 'application/json',
|
||||||
|
},
|
||||||
|
body: '',
|
||||||
|
})
|
||||||
|
const res = await oauth_token.handleRequest(db, req)
|
||||||
|
assert.equal(res.status, 200)
|
||||||
|
|
||||||
|
const data = await res.json<any>()
|
||||||
|
assert.equal(data.access_token, code)
|
||||||
|
})
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
|
|
|
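Review bot: The new test 'token handles code in URL' covers only the success path; nothing exercises a request where neither the body nor the URL carries a code, the branch that must keep returning `errors.notAuthorized('missing authorization')`. A companion case that posts to `https://example.com/oauth/token` with `body: ''` and no query string, and asserts a non-200 status, would pin that behaviour. It would also help to assert which value wins when the body and the query string carry different codes. The test passes `client.id + '.a'` and gets the same string back as `access_token`, so the part after the dot is apparently not checked at this endpoint; if validation happens elsewhere, a short comment in the test saying so would spare readers the question.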
@ -24,12 +24,23 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
|
||||||
return new Response('', { headers })
|
return new Response('', { headers })
|
||||||
}
|
}
|
||||||
|
|
||||||
const data = await readBody<Body>(request)
|
let data: Body = { code: null }
|
||||||
if (!data.code) {
|
try {
|
||||||
|
data = await readBody<Body>(request)
|
||||||
|
} catch (err: any) {
|
||||||
|
// ignore error
|
||||||
|
}
|
||||||
|
|
||||||
|
let code = data.code
|
||||||
|
if (!code) {
|
||||||
|
const url = new URL(request.url)
|
||||||
|
code = url.searchParams.get('code')
|
||||||
|
}
|
||||||
|
if (!code) {
|
||||||
return errors.notAuthorized('missing authorization')
|
return errors.notAuthorized('missing authorization')
|
||||||
}
|
}
|
||||||
|
|
||||||
const parts = data.code.split('.')
|
const parts = code.split('.')
|
||||||
const clientId = parts[0]
|
const clientId = parts[0]
|
||||||
|
|
||||||
const client = await getClientById(db, clientId)
|
const client = await getClientById(db, clientId)
|
||||||
|
@ -38,7 +49,7 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
|
||||||
}
|
}
|
||||||
|
|
||||||
const res = {
|
const res = {
|
||||||
access_token: data.code,
|
access_token: code,
|
||||||
token_type: 'Bearer',
|
token_type: 'Bearer',
|
||||||
scope: client.scopes,
|
scope: client.scopes,
|
||||||
created_at: (Date.now() / 1000) | 0,
|
created_at: (Date.now() / 1000) | 0,
|
||||||
|
|
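Review bot: Reading `code` from `url.searchParams.get('code')` in the first hunk puts into the request URL a value that the second hunk returns unchanged as `access_token: code`, so the bearer credential can end up in access logs, proxy logs and anything else that records URLs. If the query-string fallback is needed for a particular client, a comment above it such as `// some clients send the code in the query string; it is a bearer credential, keep it out of logs` would record the reason, and request logging should redact the `code` parameter. Separately, `catch (err: any) { // ignore error }` hides every `readBody` failure rather than only a missing body; `catch (err: unknown)`, with the URL fallback limited to the empty-body case, would keep malformed requests visible. `handleRequest` starts and ends outside these hunks, so the client check between them is not visible here.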