  1. Shindig
  2. SHINDIG-1945

OAuth authorize.jsp handles form submission results incorrectly

Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.0-update1
    • Fix Version/s: 2.5.1
    • Component/s: Java
    • Labels: None

    Description

      Found while reading through the sources: authorize.jsp is used for presenting a user with a dialog asking whether he wants to authorize an OAuth client to access his content.

      The dialog form contains two 'submit' buttons, both named 'Authorize', one giving the value 'Authorize', the other giving the value 'Deny'.

      The JSP, however, doesn't check for the specific value, but instead checks whether the request contains any value for either the 'Authorize' or 'Deny' parameter. There is no input named 'Deny', and the 'Authorize' parameter will be set to non-null for both 'Authorize' and 'Deny' answers of the user.

      See attached patch.
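
      The difference between the presence check described above and a check on the submitted value, as an added example (not Shindig's code and not the attached patch). The class, enum and method names are hypothetical, and a plain Map stands in for the servlet request parameters.

```java
import java.util.Map;

public class AuthorizeFormCheck {
    enum Decision { AUTHORIZE, DENY, INVALID }

    // Stand-in for HttpServletRequest.getParameter(name): null when absent.
    static String param(Map<String, String> form, String name) {
        return form.get(name);
    }

    // Behaviour described in the report: only the presence of a parameter is
    // tested. Both buttons are named 'Authorize', so the first branch always
    // wins and the 'Deny' branch is unreachable from the real form.
    static Decision presenceCheck(Map<String, String> form) {
        if (param(form, "Authorize") != null) return Decision.AUTHORIZE;
        if (param(form, "Deny") != null) return Decision.DENY;
        return Decision.INVALID;
    }

    // Hardened form: compare the submitted value and fail closed. Callers
    // should treat INVALID like DENY and never grant access on it.
    static Decision valueCheck(Map<String, String> form) {
        String value = param(form, "Authorize");
        if ("Authorize".equals(value)) return Decision.AUTHORIZE;
        if ("Deny".equals(value)) return Decision.DENY;
        return Decision.INVALID;
    }

    public static void main(String[] args) {
        // Constructed form submissions, one per button plus a malformed one.
        Map<String, String> clickedAuthorize = Map.of("Authorize", "Authorize");
        Map<String, String> clickedDeny = Map.of("Authorize", "Deny");
        Map<String, String> emptyValue = Map.of("Authorize", "");

        System.out.println("clicked Authorize: presence="
                + presenceCheck(clickedAuthorize) + " value=" + valueCheck(clickedAuthorize));
        System.out.println("clicked Deny:      presence="
                + presenceCheck(clickedDeny) + " value=" + valueCheck(clickedDeny));
        System.out.println("empty value:       presence="
                + presenceCheck(emptyValue) + " value=" + valueCheck(emptyValue));
    }
}
```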

          People

            Assignee: Unassigned
            Reporter: Andreas Kohn (ankon)