Merge pull request #838 from uc-cdis/fix/ras-redirect

Fix(RAS): Deny redirects to default client redirect_uri

fence/blueprints/login/base.py

@@ -6,7 +6,6 @@
 from fence.blueprints.login.redirect import validate_redirect
 from fence.config import config
 from fence.errors import UserError
-from fence.models import Client
 
 
 class DefaultOAuth2Login(Resource):
@@ -82,13 +81,9 @@ def get(self):
             redirect_query_params = parse_qsl(
                 urlparse(redirect_uri).query, keep_blank_values=True
             )
-            client_id = dict(redirect_query_params).get("client_id")
-            if client_id:
-                with flask.current_app.db.session as session:
-                    client = (
-                        session.query(Client).filter_by(client_id=client_id).first()
-                    )
-                    redirect_uri = client.redirect_uri
+            redirect_uri = (
+                dict(redirect_query_params).get("redirect_uri") or redirect_uri
+            )  # the query params returns empty when we're using the default fence client
 
             final_query_params = urlencode(
                 redirect_query_params + received_query_params