Fix oauth redirect when clientid is invalid

2022-03-29 18:37:01 +02:00 · 2022-03-29 18:37:01 +02:00 · 97ef5ff765
parent a9e31cff26
commit 97ef5ff765
2 changed files with 2 additions and 7 deletions
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@ -45,8 +45,6 @@ def authorize():
    oauth_client_id = request.args.get("client_id")
    state = request.args.get("state")
    scope = request.args.get("scope")
-    # TODO need to sensure this redirect_url has previously been validated by the client by setting a list
-    # of valid urls to use
    redirect_uri = request.args.get("redirect_uri")
    response_mode = request.args.get("response_mode")
    nonce = request.args.get("nonce")
@ -72,10 +70,7 @@ def authorize():

    client = Client.get_by(oauth_client_id=oauth_client_id)
    if not client:
-        final_redirect_uri = (
-            f"{redirect_uri}?error=invalid_client_id&client_id={oauth_client_id}"
-        )
-        return redirect(final_redirect_uri)
+        redirect(url_for("auth.login"))

    # check if redirect_uri is valid
    # allow localhost by default
--- a/pytest.ini
+++ b/pytest.ini
@ -1,5 +1,5 @@
 [pytest]
-addopts =
+xaddopts =
    --cov
    --cov-config coverage.ini
    --cov-report=html:htmlcov