summaryrefslogtreecommitdiff
path: root/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/oauth/jira_dvcs/authorizations_controller.rb')
-rw-r--r--app/controllers/oauth/jira_dvcs/authorizations_controller.rb13
1 files changed, 13 insertions, 0 deletions
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
index 613999f4ca7..03921761f45 100644
--- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
+++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
@@ -8,6 +8,8 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
skip_before_action :authenticate_user!
skip_before_action :verify_authenticity_token
+ before_action :validate_redirect_uri, only: :new
+
feature_category :integrations
# 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL.
@@ -56,4 +58,15 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
def normalize_scope(scope)
scope == 'repo' ? 'api' : scope
end
+
+ def validate_redirect_uri
+ client = Doorkeeper::OAuth::Client.find(params[:client_id])
+ return render_404 unless client
+
+ return true if Doorkeeper::OAuth::Helpers::URIChecker.valid_for_authorization?(
+ params['redirect_uri'], client.redirect_uri
+ )
+
+ render_403
+ end
end
View Lorry Controller Status