Fix bug with missing & in authorization URL for OIDC
Also adds testing to ensure we don't break this again
This commit is contained in:
Joseph Schorr
parent
4c0ab81ac8
commit
22a39c3007
8 changed files with 131 additions and 86 deletions
|
|
@ -1,4 +1,4 @@
|
|||
from oauth.base import OAuthService
|
||||
from oauth.base import OAuthService, OAuthEndpoint
|
||||
from util import slash_join
|
||||
|
||||
class GitLabOAuthService(OAuthService):
|
||||
|
|
@ -24,17 +24,17 @@ class GitLabOAuthService(OAuthService):
|
|||
return slash_join(self._endpoint(), suffix)
|
||||
|
||||
def authorize_endpoint(self):
|
||||
return slash_join(self._endpoint(), '/oauth/authorize')
|
||||
return OAuthEndpoint(slash_join(self._endpoint(), '/oauth/authorize'))
|
||||
|
||||
def token_endpoint(self):
|
||||
return slash_join(self._endpoint(), '/oauth/token')
|
||||
return OAuthEndpoint(slash_join(self._endpoint(), '/oauth/token'))
|
||||
|
||||
def validate_client_id_and_secret(self, http_client, app_config):
|
||||
# We validate the client ID and secret by hitting the OAuth token exchange endpoint with
|
||||
# the real client ID and secret, but a fake auth code to exchange. Gitlab's implementation will
|
||||
# return `invalid_client` as the `error` if the client ID or secret is invalid; otherwise, it
|
||||
# will return another error.
|
||||
url = self.token_endpoint()
|
||||
url = self.token_endpoint().to_url()
|
||||
redirect_uri = self.get_redirect_uri(app_config, redirect_suffix='trigger')
|
||||
data = {
|
||||
'code': 'fakecode',
|
||||
|
|
@ -55,6 +55,6 @@ class GitLabOAuthService(OAuthService):
|
|||
def get_public_config(self):
|
||||
return {
|
||||
'CLIENT_ID': self.client_id(),
|
||||
'AUTHORIZE_ENDPOINT': self.authorize_endpoint(),
|
||||
'AUTHORIZE_ENDPOINT': self.authorize_endpoint().to_url_prefix(),
|
||||
'GITLAB_ENDPOINT': self._endpoint(),
|
||||
}
|
||||
|
|
|
|||
Reference in a new issue