mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-23 11:02:35 +03:00

Proper error when submitting invalid authorization code

Quentin Gliech
2021-09-23 14:48:12 +02:00
parent a9f1f8bb71
commit 4a927861b0
2 changed files with 29 additions and 6 deletions


@@ -153,8 +153,15 @@ async fn authorization_code_grant(
conn: &mut PoolConnection<Postgres>,
) -> Result<AccessTokenResponse, Rejection> {
let mut txn = conn.begin().await.wrap_error()?;
// TODO: recover from failed code lookup with invalid_grant instead
let code = lookup_code(&mut txn, &grant.code).await.wrap_error()?;
// TODO: we should invalidate the existing session if a code is used twice after
// some period of time. See the `oidcc-codereuse-30seconds` test from the
// conformance suite
let code = match lookup_code(&mut txn, &grant.code).await {
Err(e) if e.not_found() => return error(InvalidGrant),
x => x,
}?;
if client.client_id != code.client_id {
return error(UnauthorizedClient);
}