Remove uneccesary client verification

This commit is contained in:
Rui Yang 2020-01-10 14:39:08 -05:00
parent 13be146d2a
commit 0f9a74f1d0

View File

@ -1153,7 +1153,6 @@ func (s *Server) handleUserInfo(w http.ResponseWriter, r *http.Request) {
}
func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, client storage.Client) {
// Parse the fields
if err := r.ParseForm(); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "Couldn't parse data", http.StatusBadRequest)
@ -1161,38 +1160,10 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
}
q := r.Form
// Get the clientID and secret from basic auth or form variables
clientID, clientSecret, ok := r.BasicAuth()
if ok {
var err error
if clientID, err = url.QueryUnescape(clientID); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "client_id improperly encoded", http.StatusBadRequest)
return
}
if clientSecret, err = url.QueryUnescape(clientSecret); err != nil {
s.tokenErrHelper(w, errInvalidRequest, "client_secret improperly encoded", http.StatusBadRequest)
return
}
} else {
clientID = q.Get("client_id")
clientSecret = q.Get("client_secret")
}
nonce := q.Get("nonce")
// Some clients, like the old go-oidc, provide extra whitespace. Tolerate this.
scopes := strings.Fields(q.Get("scope"))
// Get the client from the database
client, err := s.storage.GetClient(clientID)
if err != nil {
if err == storage.ErrNotFound {
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Invalid client_id (%q).", clientID), http.StatusBadRequest)
return
}
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Failed to get client %v.", err), http.StatusBadRequest)
return
}
// Parse the scopes if they are passed
var (
unrecognized []string
@ -1211,7 +1182,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
continue
}
isTrusted, err := s.validateCrossClientTrust(clientID, peerID)
isTrusted, err := s.validateCrossClientTrust(client.ID, peerID)
if err != nil {
s.tokenErrHelper(w, errInvalidClient, fmt.Sprintf("Error validating cross client trust %v.", err), http.StatusBadRequest)
return
@ -1299,7 +1270,7 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
refresh := storage.RefreshToken{
ID: storage.NewID(),
Token: storage.NewID(),
ClientID: clientID,
ClientID: client.ID,
ConnectorID: connID,
Scopes: scopes,
Claims: claims,
@ -1390,7 +1361,6 @@ func (s *Server) handlePasswordGrant(w http.ResponseWriter, r *http.Request, cli
deleteToken = true
return
}
}
}