Bug 1597933 - improve OAuth2 params parsing. r=Fallen
authorMagnus Melin <mkmelin+mozilla@iki.fi>
Sat, 23 Nov 2019 22:33:02 +0200
changeset 36712 ff646df746848ce1be66849629e62acf3892b5a3
parent 36711 4c34261831ce476d943f4c25cebdd2aa8101da8c
child 36713 9b0f8cb7ffc12c4317f40a7e27fd223f951f8690
push id2534
push userclokep@gmail.com
push dateMon, 02 Dec 2019 19:52:51 +0000
treeherdercomm-beta@055c50840778 [default view] [failures only]
reviewersFallen
bugs1597933
Bug 1597933 - improve OAuth2 params parsing. r=Fallen
mailnews/base/util/OAuth2.jsm
--- a/mailnews/base/util/OAuth2.jsm
+++ b/mailnews/base/util/OAuth2.jsm
@@ -7,28 +7,16 @@
  * @see RFC 6749
  */
 var EXPORTED_SYMBOLS = ["OAuth2"];
 
 const { httpRequest } = ChromeUtils.import("resource://gre/modules/Http.jsm");
 const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm");
 const { Log4Moz } = ChromeUtils.import("resource:///modules/gloda/log4moz.js");
 
-function parseURLData(aData) {
-  let result = {};
-  aData
-    .split(/[?#]/, 2)[1]
-    .split("&")
-    .forEach(function(aParam) {
-      let [key, value] = aParam.split("=");
-      result[key] = decodeURIComponent(value);
-    });
-  return result;
-}
-
 // Only allow one connecting window per endpoint.
 var gConnecting = {};
 
 function OAuth2(aBaseURI, aScope, aAppKey, aAppSecret) {
   this.authURI = aBaseURI + "oauth2/auth";
   this.tokenURI = aBaseURI + "oauth2/token";
   this.consumerKey = aAppKey;
   this.consumerSecret = aAppSecret;
@@ -178,23 +166,24 @@ OAuth2.prototype = {
 
     this._browserRequest._active = false;
     if ("_listener" in this._browserRequest) {
       this._browserRequest._listener._cleanUp();
     }
     delete this._browserRequest;
   },
 
-  onAuthorizationReceived(aData) {
-    this.log.info("authorization received" + aData);
-    let results = parseURLData(aData);
-    if (results.code) {
-      this.requestAccessToken(results.code, OAuth2.CODE_AUTHORIZATION);
+  // @see RFC 6749 section 4.1.2: Authorization Response
+  onAuthorizationReceived(aURL) {
+    this.log.info("OAuth2 authorization received: url=" + aURL);
+    let params = new URLSearchParams(aURL.split("?", 2)[1]);
+    if (params.has("code")) {
+      this.requestAccessToken(params.get("code"), OAuth2.CODE_AUTHORIZATION);
     } else {
-      this.onAuthorizationFailed(null, aData);
+      this.onAuthorizationFailed(null, aURL);
     }
   },
 
   onAuthorizationFailed(aError, aData) {
     this.connectFailureCallback(aData);
   },
 
   requestAccessToken(aCode, aType) {
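Review bot: The added `this.log.info("OAuth2 authorization received: url=" + aURL)` in onAuthorizationReceived writes the whole redirect URL to the log, including the `code` parameter, which is a credential until it is redeemed. Logging only the part before the query would avoid that, e.g. `this.log.info("OAuth2 authorization received: url=" + aURL.split("?", 1)[0]);`. Separately, `params.has("code")` accepts an empty `code=` that the removed `if (results.code)` check rejected, and `aURL.split("?", 2)[1]` no longer cuts at `#`, so a trailing fragment would end up in the last parameter's value. Something like `let code = new URLSearchParams(aURL.split(/[?#]/, 2)[1]).get("code");` followed by `if (code) {` would restore both behaviours. The hunk shows no comparison of a `state` parameter; if the authorization request sends one (not visible here), it should be checked before the code is exchanged.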