Commit efae1a4

Properly encode scope and prompt items in OAuth URL
The scope and the prompt items of an OAuth query can be branded and can contain characters that are not valid without encoding them. This change makes sure that those get encoded properly. Fixes: #11472
1 parent 523c720 commit efae1a4

2 files changed

+13
-8
lines changed

changelog/unreleased/11472

+7
@@ -0,0 +1,7 @@
1+
Bugfix: Properly encode scope and prompt items in OAuth URL
2+
3+
Fixed a bug where the scope and prompt items of an OAuth query would not
4+
be encoded, resulting in an invalid request.
5+
6+
https://github.com/owncloud/client/issues/11472
7+
https://github.com/owncloud/client/pull/11479
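
Review bot: The entry body on added lines 3-4 says the items "would not be encoded" without saying where the values come from. The commit message says they can be branded, so naming the theme's OpenID Connect scope and prompt settings here would let someone running a branded client tell whether the fix applies to them.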

src/libsync/creds/oauth.cpp

+6-8
@@ -466,14 +466,12 @@ QUrl OAuth::authorisationLink() const
466466

467467
const QByteArray code_challenge = QCryptographicHash::hash(_pkceCodeVerifier, QCryptographicHash::Sha256)
468468
.toBase64(QByteArray::Base64UrlEncoding | QByteArray::OmitTrailingEquals);
469-
QUrlQuery query { { QStringLiteral("response_type"), QStringLiteral("code") },
470-
{ QStringLiteral("client_id"), _clientId },
471-
{ QStringLiteral("redirect_uri"), QStringLiteral("%1:%2").arg(_redirectUrl, QString::number(_server.serverPort())) },
472-
{ QStringLiteral("code_challenge"), QString::fromLatin1(code_challenge) },
473-
{ QStringLiteral("code_challenge_method"), QStringLiteral("S256") },
474-
{ QStringLiteral("scope"), Theme::instance()->openIdConnectScopes() },
475-
{ QStringLiteral("prompt"), Theme::instance()->openIdConnectPrompt() },
476-
{ QStringLiteral("state"), QString::fromUtf8(_state) } };
469+
QUrlQuery query{{QStringLiteral("response_type"), QStringLiteral("code")}, {QStringLiteral("client_id"), _clientId},
470+
{QStringLiteral("redirect_uri"), QStringLiteral("%1:%2").arg(_redirectUrl, QString::number(_server.serverPort()))},
471+
{QStringLiteral("code_challenge"), QString::fromLatin1(code_challenge)}, {QStringLiteral("code_challenge_method"), QStringLiteral("S256")},
472+
{QStringLiteral("scope"), QString::fromUtf8(QUrl::toPercentEncoding(Theme::instance()->openIdConnectScopes()))},
473+
{QStringLiteral("prompt"), QString::fromUtf8(QUrl::toPercentEncoding(Theme::instance()->openIdConnectPrompt()))},
474+
{QStringLiteral("state"), QString::fromUtf8(_state)}};
477475

478476
if (!_davUser.isEmpty()) {
479477
const QString davUser = QString::fromUtf8(QUrl::toPercentEncoding(_davUser)); // Issue #7762;
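
Review bot: Added lines 472-473 percent-encode only scope and prompt, while client_id (_clientId) and redirect_uri on added lines 469-470 are still handed to QUrlQuery as raw strings, and the change does not say why those values cannot carry the same kind of characters. Either add a comment explaining why only the theme-supplied values need it, or route every externally supplied value through one small helper; the QString::fromUtf8(QUrl::toPercentEncoding(...)) wrapper now appears three times, counting the davUser context line at 477. The functional change is also mixed with a reflow of the whole initializer list, which makes the two real edits hard to spot, and neither changed file is a test: a case that builds authorisationLink() with a scope containing a space or another reserved character and checks the resulting query string would pin the behaviour.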
