Closed Bug 1199329 Opened 4 years ago Closed 4 years ago

Auth Delegation should ignore the query string parameters of a callback URI when determining uniqueness

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)

References

Details

Attachments

(1 file)

Currently, the uniqueness of an auth delegation request is the hash of the callback uri and the description. We also allow additional query string parameters to be passed in the callback_uri. The result of this is multiple api keys being created for the same "site". 

The fix for this is to strip off the query string parameters of the callback_uri before hashing.
Attached patch 1199329_1.patchSplinter Review
Well, this was simple.
Attachment #8653775 - Flags: review?(glob)
Comment on attachment 8653775 [details] [diff] [review]
1199329_1.patch

Review of attachment 8653775 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob
Attachment #8653775 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   933f413..52c93e6  master -> master
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Duplicate of this bug: 1199641
You need to log in before you can comment on or make changes to this bug.