Validate provided redirect URI

Part of story #14570 Authorization grant confirmation page

How to test:
- Go to a project's administration
- Create an OAuth2 app with a redirect endpoint, for example "https://tuleap.example.com/redirect"
- query its ID in the database
- go to https://tuleap.example.com/oauth2_server/authorize?client_id=tlp-client-id-<app_id>&redirect_uri=https%3A%2F%2Ftuleap.example.com%2Fredirect

The authorization form should display.
Omitting or modifying the redirect_uri parameter should be forbidden.

Change-Id: I81a1ec988cc4434afeff5b5259800c8e5e80c72a

Modified Files

M plugins/oauth2_server/include/AuthorizationServer/AuthorizationEndpointGetController.php +8 −0
M plugins/oauth2_server/phpunit/AuthorizationServer/AuthorizationEndpointGetControllerTest.php +45 −9
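
The behaviour the test steps in the commit message expect, as an added example that is not Tuleap's code: the authorization form is shown only when `redirect_uri` is present and identical to the endpoint registered for the app. The function name, the in-memory registry, the app ID `1` and the choice of exact string comparison are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed registry: app ID => registered redirect endpoint (assumed storage shape).
const REGISTERED_APPS = [
    1 => 'https://tuleap.example.com/redirect',
];

/**
 * Hypothetical helper: returns the registered redirect URI when the request's
 * redirect_uri is present and identical to it, otherwise null (request forbidden).
 */
function validatedRedirectUri(string $authorize_url): ?string
{
    $query = parse_url($authorize_url, PHP_URL_QUERY);
    if (! is_string($query)) {
        return null;
    }
    parse_str($query, $params); // percent-decodes the values

    $client_id    = $params['client_id'] ?? null;
    $redirect_uri = $params['redirect_uri'] ?? null;
    // Reject missing parameters and array forms such as redirect_uri[]=...
    if (! is_string($client_id) || ! is_string($redirect_uri)) {
        return null;
    }
    // client_id format taken from the test URL: tlp-client-id-<app_id>
    if (preg_match('/\Atlp-client-id-(\d{1,9})\z/', $client_id, $matches) !== 1) {
        return null;
    }
    $registered = REGISTERED_APPS[(int) $matches[1]] ?? null;
    if ($registered === null) {
        return null;
    }
    // Exact comparison: no prefix, host-only or normalised matching.
    return $redirect_uri === $registered ? $registered : null;
}

$base  = 'https://tuleap.example.com/oauth2_server/authorize?client_id=tlp-client-id-1';
$cases = [
    'exact match'   => $base . '&redirect_uri=https%3A%2F%2Ftuleap.example.com%2Fredirect',
    'omitted'       => $base,
    'modified path' => $base . '&redirect_uri=https%3A%2F%2Ftuleap.example.com%2Fredirect%2Fextra',
    'other host'    => $base . '&redirect_uri=https%3A%2F%2Fother.example.org%2Fredirect',
];
foreach ($cases as $label => $url) {
    printf("%-14s %s\n", $label, validatedRedirectUri($url) === null ? 'forbidden' : 'show form');
}
```

Because the check runs before any redirect is issued, a rejected request gets an error page rather than being sent to the unverified URI.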