kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: sanitize URLs used for OAuth auth flow (via #5190)

Browse Source 
* fix: sanitize URLs used for OAuth auth flow

* embetter test case

* fix linter issue
This commit is contained in:
kyle
2019-02-23 14:14:30 -08:00
committed by GitHub
parent d9f460f4a8
commit 1e184e8e21
3 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/core/oauth2-authorize.js
View File

@@ -1,5 +1,5 @@
import win from "core/window"
import { btoa } from "core/utils"
import { btoa, sanitizeUrl } from "core/utils"
export default function authorize ( { auth, authActions, errActions, configs, authConfigs={} } ) {
let { schema, scopes, name, clientId } = auth
@@ -74,8 +74,9 @@ export default function authorize ( { auth, authActions, errActions, configs, au
}
}
let authorizationUrl = schema.get("authorizationUrl")
let url = [authorizationUrl, query.join("&")].join(authorizationUrl.indexOf("?") === -1 ? "?" : "&")
const authorizationUrl = schema.get("authorizationUrl")
const sanitizedAuthorizationUrl = sanitizeUrl(authorizationUrl)
let url = [sanitizedAuthorizationUrl, query.join("&")].join(authorizationUrl.indexOf("?") === -1 ? "?" : "&")
// pass action authorizeOauth2 and authentication data through window
// to authorize with oauth2