Browse Source
the conversion OAuthGrantType(parsed_args["grant_type"]) can raise ValueError for invalid values which is not caught and will produce a 500 (#24854)
tags/1.8.1
NeatGuyCoding
2 months ago
1 changed files with 4 additions and 3 deletions
+ 4
- 3
api/controllers/console/auth/oauth_server.py
View File
| parser.add_argument("refresh_token", type=str, required=False, location="json") | parser.add_argument("refresh_token", type=str, required=False, location="json") | ||||
| parsed_args = parser.parse_args() | parsed_args = parser.parse_args() | ||||
| grant_type = OAuthGrantType(parsed_args["grant_type"]) | |||||
| try: | |||||
| grant_type = OAuthGrantType(parsed_args["grant_type"]) | |||||
| except ValueError: | |||||
| raise BadRequest("invalid grant_type") | |||||
| if grant_type == OAuthGrantType.AUTHORIZATION_CODE: | if grant_type == OAuthGrantType.AUTHORIZATION_CODE: | ||||
| if not parsed_args["code"]: | if not parsed_args["code"]: | ||||
| "refresh_token": refresh_token, | "refresh_token": refresh_token, | ||||
| } | } | ||||
| ) | ) | ||||
| else: | |||||
| raise BadRequest("invalid grant_type") | |||||
| class OAuthServerUserAccountApi(Resource): | class OAuthServerUserAccountApi(Resource): |
Loading…