diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 18:28:50 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-03-01 18:28:50 +0000 |
commit | 165c4fb3de28c1b03b1d3a5e05b8962b73eea228 (patch) | |
tree | 30f2d692638d8d4e16cc9535a965aae80c5961e6 /app/controllers/oauth/jira_dvcs/authorizations_controller.rb | |
parent | 20c396b4c9f52858b386e06d0b64c9f40a0559a2 (diff) | |
download | gitlab-ce-165c4fb3de28c1b03b1d3a5e05b8962b73eea228.tar.gz |
Add latest changes from gitlab-org/security/gitlab@15-8-stable-ee
Diffstat (limited to 'app/controllers/oauth/jira_dvcs/authorizations_controller.rb')
-rw-r--r-- | app/controllers/oauth/jira_dvcs/authorizations_controller.rb | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb index 613999f4ca7..03921761f45 100644 --- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb +++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb @@ -8,6 +8,8 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController skip_before_action :authenticate_user! skip_before_action :verify_authenticity_token + before_action :validate_redirect_uri, only: :new + feature_category :integrations # 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL. @@ -56,4 +58,15 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController def normalize_scope(scope) scope == 'repo' ? 'api' : scope end + + def validate_redirect_uri + client = Doorkeeper::OAuth::Client.find(params[:client_id]) + return render_404 unless client + + return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?( + params['redirect_uri'], client.redirect_uri + ) + + render_403 + end end |