Skip to content

Commit

Permalink
Merge pull request #838 from uc-cdis/fix/ras-redirect
Browse files Browse the repository at this point in the history
Fix(RAS): Deny redirects to default client redirect_uri
  • Loading branch information
BinamB authored Sep 23, 2020
2 parents 4fc5530 + 58a131f commit ed8b837
Showing 1 changed file with 3 additions and 8 deletions.
11 changes: 3 additions & 8 deletions fence/blueprints/login/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
from fence.blueprints.login.redirect import validate_redirect
from fence.config import config
from fence.errors import UserError
from fence.models import Client


class DefaultOAuth2Login(Resource):
Expand Down Expand Up @@ -82,13 +81,9 @@ def get(self):
redirect_query_params = parse_qsl(
urlparse(redirect_uri).query, keep_blank_values=True
)
client_id = dict(redirect_query_params).get("client_id")
if client_id:
with flask.current_app.db.session as session:
client = (
session.query(Client).filter_by(client_id=client_id).first()
)
redirect_uri = client.redirect_uri
redirect_uri = (
dict(redirect_query_params).get("redirect_uri") or redirect_uri
) # the query params returns empty when we're using the default fence client

final_query_params = urlencode(
redirect_query_params + received_query_params
Expand Down

0 comments on commit ed8b837

Please sign in to comment.