| author | mrw1593 <botahamec@outlook.com> | 2023-07-02 12:02:26 -0400 |
|---|---|---|
| committer | mrw1593 <botahamec@outlook.com> | 2023-07-02 12:02:26 -0400 |
| commit | 8c52004a7973d6521150370328a3a8fb6085a1c3 (patch) | |
| tree | 6c9717322e54c520526af385100fa2440df72224 /src/api/clients.rs | |
| parent | 15a7387309fed7dcc589216aac748811e0321ab4 (diff) | |
More secure redirect URIs
Diffstat (limited to 'src/api/clients.rs')
| -rw-r--r-- | src/api/clients.rs | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/api/clients.rs b/src/api/clients.rs
index 27ef995..3f906bb 100644
--- a/src/api/clients.rs
+++ b/src/api/clients.rs
@@ -418,6 +418,16 @@ async fn update_client_redirect_uris(
 let db = db.get_ref();
 let id = *id;
+ for uri in body.0.iter() {
+ if uri.scheme() != "https" {
+ yeet!(CreateClientError::NonHttpsUri.into());
+ }
+
+ if uri.fragment().is_some() {
+ yeet!(CreateClientError::UriFragment.into())
+ }
+ }
+
 if !db::client_id_exists(db, id).await.unwrap() {
 yeet!(ClientNotFound::new(id).into());
 }
|
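Review bot: The redirect-URI policy in the added `for uri in body.0.iter()` loop is written inline in the update handler yet reports through `CreateClientError`, which suggests the same two checks already exist on the create path; if so, moving them into one shared validator called by both handlers would keep registration and update from drifting apart. It would also help to state the reason next to the checks, for example `// RFC 6749 §3.1.2: redirection endpoints must be absolute and carry no fragment; https-only is local policy`. The second `yeet!(CreateClientError::UriFragment.into())` lacks the trailing `;` that the first one has. The function body starts and ends outside the hunk, so whether an empty list in `body.0` should be accepted cannot be judged from here.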
