diff options
| -rw-r--r-- | src/api/clients.rs | 10 | ||||
| -rw-r--r-- | src/models/client.rs | 14 |
2 files changed, 24 insertions, 0 deletions
diff --git a/src/api/clients.rs b/src/api/clients.rs index 27ef995..3f906bb 100644 --- a/src/api/clients.rs +++ b/src/api/clients.rs @@ -418,6 +418,16 @@ async fn update_client_redirect_uris( let db = db.get_ref(); let id = *id; + for uri in body.0.iter() { + if uri.scheme() != "https" { + yeet!(CreateClientError::NonHttpsUri.into()); + } + + if uri.fragment().is_some() { + yeet!(CreateClientError::UriFragment.into()) + } + } + if !db::client_id_exists(db, id).await.unwrap() { yeet!(ClientNotFound::new(id).into()); } diff --git a/src/models/client.rs b/src/models/client.rs index 56b0ae6..38be37f 100644 --- a/src/models/client.rs +++ b/src/models/client.rs @@ -60,6 +60,10 @@ pub enum CreateClientError { NoSecret, #[error("Only confidential clients may be trusted")] TrustedError, + #[error("Redirect URIs must not include a fragment component")] + UriFragment, + #[error("Redirect URIs must use HTTPS")] + NonHttpsUri, } impl ResponseError for CreateClientError { @@ -93,6 +97,16 @@ impl Client { yeet!(CreateClientError::TrustedError.into()); } + for redirect_uri in redirect_uris { + if redirect_uri.scheme() != "https" { + yeet!(CreateClientError::NonHttpsUri.into()) + } + + if redirect_uri.fragment().is_some() { + yeet!(CreateClientError::UriFragment.into()) + } + } + Ok(Self { id, alias: Box::from(alias), |