Cannot get an OAuth2 access token from an authorization code without TLS

All the OAuth2 flow must be done over TLS. All recent Tuleap deployments are HTTPS only by default. This contribution makes sure this cannot be bypassed.

To do a functional test, you need to adapt the nginx configuration to allow HTTP connections and then call with a POST request '/plugins/oauth2_server/access_token'.

This is part of story #14542: have OAuth2 flow

Change-Id: I0b1d863c69b0a10a4d290397483ee287e6b807e8

Modified Files

M plugins/oauth2_server/include/oauth2_serverPlugin.php +10 −4
M src/common/Http/HTTPFactoryBuilder.php +7 −0
A src/common/Http/Server/RejectNonHTTPSRequestMiddleware.php +58 −0
A tests/phpunit/common/Http/Server/RejectNonHTTPSRequestMiddlewareTest.php +74 −0