From 1606831fd6f44fd2ff5e85f48e88f52dadd10c53 Mon Sep 17 00:00:00 2001
From: Ajayn84 <33545623+Ajayn84@users.noreply.github.com>
Date: Wed, 25 Sep 2024 13:14:05 +0530
Subject: [PATCH 1/3] Update persister_oauth2.go to handle special character | coming in the scopes as part of consent request

Url encoded and decoded while fetching values from the table, as "|" is a seperator used to store scopes
---
 persistence/sql/persister_oauth2.go | 35 +++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
index 6e1336b80de..591c221030a 100644
--- a/persistence/sql/persister_oauth2.go
+++ b/persistence/sql/persister_oauth2.go
@@ -110,8 +110,8 @@ func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string,
 RequestedAt: r.GetRequestedAt(),
 InternalExpiresAt: sqlxx.NullTime(expiresAt),
 Client: r.GetClient().GetID(),
- Scopes: strings.Join(r.GetRequestedScopes(), "|"),
- GrantedScope: strings.Join(r.GetGrantedScopes(), "|"),
+ Scopes: strings.Join(escapeDelimiter(r.GetRequestedScopes()), "|"),
+ GrantedScope: strings.Join(escapeDelimiter(r.GetGrantedScopes()), "|"),
 GrantedAudience: strings.Join(r.GetGrantedAudience(), "|"),
 RequestedAudience: strings.Join(r.GetRequestedAudience(), "|"),
 Form: r.GetRequestForm().Encode(),
@@ -158,8 +158,8 @@ func (r *OAuth2RequestSQL) toRequest(ctx context.Context, session fosite.Session
 RequestedAt: r.RequestedAt,
 // ExpiresAt does not need to be populated as we get the expiry time from the session.
 Client: c,
- RequestedScope: stringsx.Splitx(r.Scopes, "|"),
- GrantedScope: stringsx.Splitx(r.GrantedScope, "|"),
+ RequestedScope: unescapeDelimiter(r.Scopes),
+ GrantedScope: unescapeDelimiter(r.GrantedScope),
 RequestedAudience: stringsx.Splitx(r.RequestedAudience, "|"),
 GrantedAudience: stringsx.Splitx(r.GrantedAudience, "|"),
 Form: val,
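Review bot: The two audience columns directly below the changed lines (`GrantedAudience: strings.Join(r.GetGrantedAudience(), "|")` and `RequestedAudience: strings.Join(r.GetRequestedAudience(), "|")`) are still joined on a bare `|`, so the delimiter ambiguity this hunk fixes for scopes remains for audiences if an audience value can contain `|` (presumably it can, since audiences are client-supplied strings as well — confirm against the request validation layer). If they are meant to get the same treatment, the same escaping belongs on these two lines and on the matching `stringsx.Splitx(r.RequestedAudience, "|")` / `stringsx.Splitx(r.GrantedAudience, "|")` calls in the second hunk; if they are deliberately left alone, a one-line comment above them saying why would stop the next reader from asking. sqlSchemaFromRequest starts and ends outside the hunk.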
@@ -549,3 +549,30 @@ func (p *Persister) DeleteAccessTokens(ctx context.Context, clientID string) (er
 p.QueryWithNetwork(ctx).Where("client_id=?", clientID).Delete(&OAuth2RequestSQL{Table: sqlTableAccess}),
 )
 }
+
+func escapeDelimiter(scopes []string) []string {
+ escapedScopes := make([]string, len(scopes))
+ for i, scope := range scopes {
+ if strings.Contains(scope, "|") {
+ escapedScopes[i] = url.QueryEscape(scope)
+ } else {
+ escapedScopes[i] = scope
+ }
+ }
+ return escapedScopes
+}
+
+func unescapeDelimiter(scopes string) []string {
+ updatedScopes := stringsx.Splitx(scopes, "|")
+ if strings.Contains(scopes, "%26") {
+ for i, scope := range updatedScopes {
+ unescapedScope, err := url.QueryUnescape(scope)
+ if err != nil {
+ errors.Errorf("Error while url unescaping scope: %s", scope)
+ }
+ updatedScopes[i] = unescapedScope
+ }
+ }
+ return updatedScopes
+}
+

From 070518c4844bb4c8b68e89a37378a8c8769cf228 Mon Sep 17 00:00:00 2001
From: Ajayn84 <33545623+Ajayn84@users.noreply.github.com>
Date: Wed, 25 Sep 2024 13:40:09 +0530
Subject: [PATCH 2/3] fix: Update persister_oauth2.go to handle special character | coming in the scopes as part of consent request

---
 persistence/sql/persister_oauth2.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
index 591c221030a..fc662301308 100644
--- a/persistence/sql/persister_oauth2.go
+++ b/persistence/sql/persister_oauth2.go
@@ -575,4 +575,3 @@ func unescapeDelimiter(scopes string) []string {
 }
 return updatedScopes
 }
-

From 64b608361adfe8480c589741a4cb6607031cf19d Mon Sep 17 00:00:00 2001
From: Ajayn84 <33545623+Ajayn84@users.noreply.github.com>
Date: Wed, 25 Sep 2024 14:57:23 +0530
Subject: [PATCH 3/3] fix: update commit to fix review comments

---
 persistence/sql/persister_oauth2.go | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

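Review bot: `unescapeDelimiter` only decodes when `strings.Contains(scopes, "%26")` is true, but `url.QueryEscape` encodes `|` as `%7C` (`%26` is `&`), so a scope such as `read|write` is stored as `read%7Cwrite` and read back unchanged — the exact case this patch targets does not round-trip; the same check survives unchanged in the third patch's `unescapeDelimiter` hunk. The row-level sentinel also makes decoding depend on sibling values: `escapeDelimiter` stores scopes without `|` raw, so a raw `a%26b` or `a+b` sitting next to an escaped scope comes back as `a&b` / `a b`, which means the granted scope handed to fosite can differ from the one the user consented to. Escaping only `%` and `|` with a fixed replacer on write and always reversing it on read is injective, needs no sentinel and cannot fail, so the `error` return introduced in the third patch becomes unnecessary (keep `return parts, nil` if that signature is retained) and the `net/url` import can go. Rows written before this change decode correctly under that scheme unless a stored value already contains a literal `%` — worth stating in the migration notes.
```go
// delimiterEscaper/delimiterUnescaper make the "|" column separator unambiguous;
// "%" is escaped as well so that decoding is the exact inverse of encoding.
var (
	delimiterEscaper   = strings.NewReplacer("%", "%25", "|", "%7C")
	delimiterUnescaper = strings.NewReplacer("%7C", "|", "%25", "%")
)

func escapeDelimiter(scopes []string) []string {
	escaped := make([]string, len(scopes))
	for i, s := range scopes {
		escaped[i] = delimiterEscaper.Replace(s)
	}
	return escaped
}

func unescapeDelimiter(scopes string) []string {
	parts := stringsx.Splitx(scopes, "|")
	for i, s := range parts {
		parts[i] = delimiterUnescaper.Replace(s)
	}
	return parts
}
```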
diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go
index fc662301308..8334a072294 100644
--- a/persistence/sql/persister_oauth2.go
+++ b/persistence/sql/persister_oauth2.go
@@ -153,13 +153,23 @@ func (r *OAuth2RequestSQL) toRequest(ctx context.Context, session fosite.Session
 return nil, errorsx.WithStack(err)
 }
 
+ scopes, err := unescapeDelimiter(r.Scopes)
+ if err != nil {
+ return nil, errorsx.WithStack(err)
+ }
+
+ grantedScopes, err := unescapeDelimiter(r.GrantedScope)
+ if err != nil {
+ return nil, errorsx.WithStack(err)
+ }
+
 return &fosite.Request{
 ID: r.Request,
 RequestedAt: r.RequestedAt,
 // ExpiresAt does not need to be populated as we get the expiry time from the session.
 Client: c,
- RequestedScope: unescapeDelimiter(r.Scopes),
- GrantedScope: unescapeDelimiter(r.GrantedScope),
+ RequestedScope: scopes,
+ GrantedScope: grantedScopes,
 RequestedAudience: stringsx.Splitx(r.RequestedAudience, "|"),
 GrantedAudience: stringsx.Splitx(r.GrantedAudience, "|"),
 Form: val,
@@ -562,16 +572,16 @@ func escapeDelimiter(scopes []string) []string {
 return escapedScopes
 }
 
-func unescapeDelimiter(scopes string) []string {
+func unescapeDelimiter(scopes string) ([]string, error) {
 updatedScopes := stringsx.Splitx(scopes, "|")
 if strings.Contains(scopes, "%26") {
 for i, scope := range updatedScopes {
 unescapedScope, err := url.QueryUnescape(scope)
 if err != nil {
- errors.Errorf("Error while url unescaping scope: %s", scope)
+ return nil, errors.Errorf("Error while url unescaping scope: %s", scope)
 }
 updatedScopes[i] = unescapedScope
 }
 }
- return updatedScopes
+ return updatedScopes, nil
 }
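Review bot: The new `return nil, errors.Errorf("Error while url unescaping scope: %s", scope)` in the second hunk discards the `err` that `url.QueryUnescape` just returned, so the `errorsx.WithStack` in `toRequest` wraps a message with no cause and the reason the stored value was undecodable is lost; the message is also capitalised, against Go error-string convention. If `errors` here is pkg/errors (the `Errorf` call suggests it — confirm), `return nil, errors.Wrapf(err, "unescaping scope %q", scope)` keeps the cause and quotes the value so empty or odd bytes are visible in logs. Returning the error instead of ignoring it is the right call, since the stored scope was produced by this persister and a decode failure points at corrupted or hand-edited data that should surface rather than be silently passed on as an empty scope.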