comparison mod_http_oauth2/mod_http_oauth2.lua @ 5229:c24a622a7b85

mod_http_oauth2: Fix appending of query parts in error redirects Looks like this meant to check whether the redirect_uri has a ?query part, but forgot to inspect the field for this in the returned table.
author Kim Alvefur <zash@zash.se>
date Fri, 10 Mar 2023 11:54:30 +0100
parents 77cd01af06a9
children ac252db71027
comparison
equal deleted inserted replaced
5228:77cd01af06a9 5229:c24a622a7b85
427 if not redirect_uri or not is_secure_redirect(redirect_uri) then 427 if not redirect_uri or not is_secure_redirect(redirect_uri) then
428 module:log("warn", "Missing or invalid redirect_uri <%s>, rendering error to user-agent", redirect_uri or ""); 428 module:log("warn", "Missing or invalid redirect_uri <%s>, rendering error to user-agent", redirect_uri or "");
429 return render_page(templates.error, { error = err }); 429 return render_page(templates.error, { error = err });
430 end 430 end
431 local redirect_query = url.parse(redirect_uri); 431 local redirect_query = url.parse(redirect_uri);
432 local sep = redirect_query and "&" or "?"; 432 local sep = redirect_query.query and "&" or "?";
433 redirect_uri = redirect_uri 433 redirect_uri = redirect_uri
434 .. sep .. http.formencode(err.extra.oauth2_response) 434 .. sep .. http.formencode(err.extra.oauth2_response)
435 .. "&" .. http.formencode({ state = q.state, iss = get_issuer() }); 435 .. "&" .. http.formencode({ state = q.state, iss = get_issuer() });
436 module:log("warn", "Sending error response to client via redirect to %s", redirect_uri); 436 module:log("warn", "Sending error response to client via redirect to %s", redirect_uri);
437 return { 437 return {