Closed Bug 1199329 Opened 10 years ago Closed 10 years ago

Auth Delegation should ignore the query string parameters of a callback URI when determining uniqueness

Categories

(bugzilla.mozilla.org :: General, defect)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)

References

Details

Attachments

(1 file)

1199329_1.patch
535 bytes, patch
glob
: review+
Details | Diff | Splinter Review
Currently, the uniqueness of an auth delegation request is the hash of the callback uri and the description. We also allow additional query string parameters to be passed in the callback_uri. The result of this is multiple api keys being created for the same "site". The fix for this is to strip off the query string parameters of the callback_uri before hashing.
Attached patch 1199329_1.patchSplinter Review
Well, this was simple.
Attachment #8653775 - Flags: review?(glob)
Comment on attachment 8653775 [details] [diff] [review] 1199329_1.patch Review of attachment 8653775 [details] [diff] [review]: ----------------------------------------------------------------- r=glob
Attachment #8653775 - Flags: review?(glob) → review+
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git 933f413..52c93e6 master -> master
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: