Diffstat (limited to 'internal/api/client/auth/authorize.go')
-rw-r--r-- | internal/api/client/auth/authorize.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/internal/api/client/auth/authorize.go b/internal/api/client/auth/authorize.go
index 233dacfd2..1a594a319 100644
--- a/internal/api/client/auth/authorize.go
+++ b/internal/api/client/auth/authorize.go
@@ -189,6 +189,11 @@ func (m *Module) AuthorizePOSTHandler(c *gin.Context) {
 errs = append(errs, fmt.Sprintf("key %s was not found in session", sessionScope))
 }
 
+ var clientState string
+ if s, ok := s.Get(sessionClientState).(string); ok {
+ clientState = s
+ }
+
 userID, ok := s.Get(sessionUserID).(string)
 if !ok {
 errs = append(errs, fmt.Sprintf("key %s was not found in session", sessionUserID))
@@ -246,6 +251,10 @@ func (m *Module) AuthorizePOSTHandler(c *gin.Context) {
 sessionUserID: {userID},
 }
 
+ if clientState != "" {
+ c.Request.Form.Set("state", clientState)
+ }
+
 if err := m.processor.OAuthHandleAuthorizeRequest(c.Writer, c.Request); err != nil {
 api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error(), helpfulAdvice), m.processor.InstanceGet)
 }
@@ -285,7 +294,8 @@ func saveAuthFormToSession(s sessions.Session, form *model.OAuthAuthorize) gtser
 s.Set(sessionClientID, form.ClientID)
 s.Set(sessionRedirectURI, form.RedirectURI)
 s.Set(sessionScope, form.Scope)
- s.Set(sessionState, uuid.NewString())
+ s.Set(sessionInternalState, uuid.NewString())
+ s.Set(sessionClientState, form.State)
 
 if err := s.Save(); err != nil {
 err := fmt.Errorf("error saving form values onto session: %s", err) |
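Review bot: The new `if s, ok := s.Get(sessionClientState).(string); ok` shadows the `sessions.Session` value `s` with a string of the same name; it compiles only because the right-hand side is evaluated before the inner `s` comes into scope, and a reader has to know that rule to see that `s.Get` is still the session. Renaming the inner variable removes the ambiguity: `if v, ok := s.Get(sessionClientState).(string); ok {` followed by `clientState = v`. Unlike the neighbouring session keys, a missing client state is deliberately not appended to `errs`; a one-line comment above the `var` would record why, e.g. `// state is optional for OAuth clients (RFC 6749 §4.1.1), so an absent key is not an error.` AuthorizePOSTHandler starts and ends outside this hunk.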
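Review bot: `c.Request.Form.Set("state", clientState)` overwrites whatever `state` the form literal closing just above it carries, and that literal's opening lines are outside the hunk, so a reader cannot tell from here whether the previous behaviour (presumably forwarding the session's internal state) is intentionally dropped; a comment would make the intent explicit, e.g. `// Echo the client's own state back on the redirect (RFC 6749 §4.1.2); the internal state stays in the session.` The same comment could note that the value is taken from the server-side session rather than from this POST body, so a state tampered with in the POST is not the one reflected. When the client sent no state the key is left untouched, which is correct only if the literal does not set `state` itself — worth confirming against the lines above the hunk.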
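Review bot: `s.Set(sessionClientState, form.State)` stores a client-supplied value in the session with no bound on its length; if the session backend is cookie-based (not visible in this diff), an oversized `state` would inflate the cookie and could make the `s.Save()` below fail for the whole authorize flow, so consider capping or rejecting over-long values where `form` is validated. A short comment distinguishing the two keys would also help the next reader, e.g. `// internal state: server-generated nonce; client state: opaque value echoed back to the client unchanged.` saveAuthFormToSession's closing lines are outside the hunk.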