Skip to content
Snippets Groups Projects
Commit 1ce1b7b5 authored by lain's avatar lain
Browse files

Merge branch 'bugfix/oauth-token-padding' into 'develop' 

oauth: never use base64 padding when returning tokens to applications

See merge request pleroma/pleroma!825
parents 921571c1 e9ef4b8d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/pleroma/web/oauth/app.ex
+ 8
2
View file @ 1ce1b7b5
......@@ -25,8 +25,14 @@ defmodule Pleroma.Web.OAuth.App do
if changeset.valid? do
changeset
|> put_change(:client_id, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|> put_change(:client_secret, :crypto.strong_rand_bytes(32) |> Base.url_encode64())
|> put_change(
:client_id,
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
)
|> put_change(
:client_secret,
:crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
)
else
changeset
end
......
lib/pleroma/web/oauth/authorization.ex
+ 1
1
View file @ 1ce1b7b5
......@@ -24,7 +24,7 @@ defmodule Pleroma.Web.OAuth.Authorization do
end
def create_authorization(%App{} = app, %User{} = user) do
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
authorization = %Authorization{
token: token,
......
lib/pleroma/web/oauth/oauth_controller.ex
+ 1
1
View file @ 1ce1b7b5
......@@ -173,7 +173,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do
token
|> URI.decode()
|> Base.url_decode64!(padding: false)
|> Base.url_encode64()
|> Base.url_encode64(padding: false)
end
defp get_app_from_request(conn, params) do
......
lib/pleroma/web/oauth/token.ex
+ 2
2
View file @ 1ce1b7b5
......@@ -31,8 +31,8 @@ defmodule Pleroma.Web.OAuth.Token do
end
def create_token(%App{} = app, %User{} = user) do
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64()
token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
refresh_token = :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false)
token = %Token{
token: token,
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment