kopia lustrzana https://github.com/cloudflare/wildebeest
Merge pull request #292 from cloudflare/sven/code-in-url
oauth: get token support code in URL
pull/295/head
commit
96f6134fe9
|
@ -240,5 +240,25 @@ describe('Mastodon APIs', () => {
|
|||
assert.equal(res.status, 200)
|
||||
assertCORS(res)
|
||||
})
|
||||
|
||||
test('token handles code in URL', async () => {
|
||||
const db = await makeDB()
|
||||
const client = await createTestClient(db, 'https://localhost')
|
||||
|
||||
const code = client.id + '.a'
|
||||
|
||||
const req = new Request('https://example.com/oauth/token?code=' + code, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
body: '',
|
||||
})
|
||||
const res = await oauth_token.handleRequest(db, req)
|
||||
assert.equal(res.status, 200)
|
||||
|
||||
const data = await res.json<any>()
|
||||
assert.equal(data.access_token, code)
|
||||
})
|
||||
})
|
||||
})
|
||||
|
|
|
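Review bot: The new test pins only the success path where the code arrives in the query string, so the branches that matter most on a token endpoint stay untested. Add a case with no code in either the body or the URL that asserts the `errors.notAuthorized` response, and a case where the body and the query string carry different codes, asserting that `data.access_token` equals the body's value so the precedence cannot silently flip. The empty `body: ''` sent with a JSON content type presumably makes `readBody` throw and so exercises the new catch; a one-line comment saying that is the intent would help the next reader. `res.json<any>()` could be typed as `{ access_token: string }` so the final assertion stays type-checked.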
@ -24,12 +24,23 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
|
|||
return new Response('', { headers })
|
||||
}
|
||||
|
||||
const data = await readBody<Body>(request)
|
||||
if (!data.code) {
|
||||
let data: Body = { code: null }
|
||||
try {
|
||||
data = await readBody<Body>(request)
|
||||
} catch (err: any) {
|
||||
// ignore error
|
||||
}
|
||||
|
||||
let code = data.code
|
||||
if (!code) {
|
||||
const url = new URL(request.url)
|
||||
code = url.searchParams.get('code')
|
||||
}
|
||||
if (!code) {
|
||||
return errors.notAuthorized('missing authorization')
|
||||
}
|
||||
|
||||
const parts = data.code.split('.')
|
||||
const parts = code.split('.')
|
||||
const clientId = parts[0]
|
||||
|
||||
const client = await getClientById(db, clientId)
|
||||
|
@ -38,7 +49,7 @@ export async function handleRequest(db: D1Database, request: Request): Promise<R
|
|||
}
|
||||
|
||||
const res = {
|
||||
access_token: data.code,
|
||||
access_token: code,
|
||||
token_type: 'Bearer',
|
||||
scope: client.scopes,
|
||||
created_at: (Date.now() / 1000) | 0,
|
||||
|
|
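Review bot: The fallback to `url.searchParams.get('code')` puts a credential in the request URL, and the last hunk returns that same value as `access_token`, so any access log, proxy or trace that records the URL also records a usable bearer token. If the query-string form is needed for client compatibility, state that above the fallback, for example `// Fallback for clients that send the code in the query string; this value becomes the bearer token, so request URLs must be redacted in logs`, and make sure request logging for this route drops the query string. Separately, the empty `catch (err: any)` hides every body-parsing failure rather than only an empty body; `catch (err: unknown)` with a comment naming the expected failure would make the intent explicit. The body of handleRequest starts and ends outside the hunks shown, so any client-secret or redirect checks cannot be judged from here.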