| author | mrw1593 <botahamec@outlook.com> | 2023-07-02 12:02:26 -0400 |
|---|---|---|
| committer | mrw1593 <botahamec@outlook.com> | 2023-07-02 12:02:26 -0400 |
| commit | 8c52004a7973d6521150370328a3a8fb6085a1c3 (patch) | |
| tree | 6c9717322e54c520526af385100fa2440df72224 /src/models | |
| parent | 15a7387309fed7dcc589216aac748811e0321ab4 (diff) | |
More secure redirect URIs
Diffstat (limited to 'src/models')
| -rw-r--r-- | src/models/client.rs | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/models/client.rs b/src/models/client.rs
index 56b0ae6..38be37f 100644
--- a/src/models/client.rs
+++ b/src/models/client.rs
@@ -60,6 +60,10 @@ pub enum CreateClientError {
 NoSecret,
 #[error("Only confidential clients may be trusted")]
 TrustedError,
+ #[error("Redirect URIs must not include a fragment component")]
+ UriFragment,
+ #[error("Redirect URIs must use HTTPS")]
+ NonHttpsUri,
 }
 
 impl ResponseError for CreateClientError {
@@ -93,6 +97,16 @@ impl Client {
 yeet!(CreateClientError::TrustedError.into());
 }
 
+ for redirect_uri in redirect_uris {
+ if redirect_uri.scheme() != "https" {
+ yeet!(CreateClientError::NonHttpsUri.into())
+ }
+
+ if redirect_uri.fragment().is_some() {
+ yeet!(CreateClientError::UriFragment.into())
+ }
+ }
+
 Ok(Self {
 id,
 alias: Box::from(alias), |
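Review bot: The new `UriFragment` and `NonHttpsUri` variants get no explicit handling in `impl ResponseError for CreateClientError`. The diffstat's 14 insertions are all accounted for by the enum lines and the validation loop, so that impl is unchanged and the variants fall through to whatever default or wildcard arm it already has; its body is outside the hunk. Both are rejections of caller-supplied input, so it is worth confirming they produce a 400-class response and not a server error. If the impl matches on variants, prefer explicit arms for the two new ones over a catch-all, so a future variant cannot silently inherit the wrong status.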
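Review bot: The scheme and fragment checks in the `for redirect_uri in redirect_uris` loop are written inline in this constructor, so they protect only this creation path; any other code that sets or replaces a client's redirect URIs (none is visible here, and the function starts and ends outside the hunk) would bypass them. Moving the two checks into a small private helper that returns `Result<(), CreateClientError>` and calling it from every such path would keep the rule in one place. The loop also accepts an empty `redirect_uris` without complaint, so confirm elsewhere whether a client with no registered redirect URI is meant to be allowed. A short comment above the loop would record the reason for each rule, for example `// RFC 6749 §3.1.2: redirection URIs must not contain a fragment; HTTPS keeps the authorization code off cleartext transport`.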
