~netlandish/gobwebs-oauth2

0a83016b4bcb5ea577ac65bb6e8ed759050e95d4 — Peter Sanchez 1 year, 8 days ago 36cc65c
Cleaning up revoke auth verification for unescaping data, etc.
1 files changed, 20 insertions(+), 13 deletions(-)

M routes.go
M routes.go => routes.go +20 -13
@@ 751,26 751,33 @@ func (s *Service) RevokeTokenPOST(c echo.Context) error {
		return s.accessTokenError(c, "invalid_request",
			"Invalid Authorization header", 400)
	}
	z := strings.SplitN(header, " ", 2)
	if len(z) != 2 {
		return s.accessTokenError(c, "invalid_request",
	parts := strings.SplitN(header, " ", 2)
	if len(parts) != 2 || parts[0] != "Basic" {
		return s.accessTokenError(c, "invalid_client",
			"Invalid Authorization header", 400)
	}
	if strings.ToLower(z[0]) != "basic" {
		return s.accessTokenError(c, "invalid_request",
	bytes, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return s.accessTokenError(c, "invalid_client",
			"Invalid Authorization header contents", 400)
	}
	auth := string(bytes)
	if !strings.Contains(auth, ":") {
		return s.accessTokenError(c, "invalid_client",
			"Invalid Authorization header", 400)
	}
	idsec, err := base64.StdEncoding.DecodeString(z[1])
	parts = strings.SplitN(auth, ":", 2)
	clientID, err := url.PathUnescape(parts[0])
	if err != nil {
		return s.accessTokenError(c, "invalid_request",
			"Invalid Authorization header", 400)
		return s.accessTokenError(c, "invalid_client",
			"Invalid Authorization header contents", 400)
	}
	z = strings.SplitN(string(idsec), ":", 2)
	if len(z) != 2 {
		return s.accessTokenError(c, "invalid_request",
			"Invalid Authorization header", 400)
	clientSecret, err := url.PathUnescape(parts[1])
	if err != nil {
		return s.accessTokenError(c, "invalid_client",
			"Invalid Authorization header contents", 400)
	}
	clientID, clientSecret := z[0], z[1]

	client, err := GetClientByID(c.Request().Context(), clientID)
	if err != nil {
		c.Response().Header().Set("WWW-Authenticate", "Basic")