[mastodon-client] Correctly implement multiple callback URIs for OAuth, resolves #150

This commit is contained in:
Laura Hausmann 2023-09-03 02:47:28 +02:00 committed by ThatOneCalculator
parent bdc89e5568
commit 738502f051
No known key found for this signature in database
GPG Key ID: 8703CACD01000000

View File

@ -111,7 +111,13 @@ export default defineComponent({
}, {}); }, {});
const isMastodon = !!getUrlParams().mastodon; const isMastodon = !!getUrlParams().mastodon;
if (this.session.app.callbackUrl && isMastodon) { if (this.session.app.callbackUrl && isMastodon) {
const callbackUrl = new URL(this.session.app.callbackUrl); const redirectUri = decodeURIComponent(getUrlParams().redirect_uri);
if (!this.session.app.callbackUrl.split('\n').some(p => p === redirectUri)){
this.state = "fetch-session-error";
this.fetching = false;
throw new Error("callback uri doesn't match registered app");
}
const callbackUrl = new URL(redirectUri)
callbackUrl.searchParams.append("code", this.session.token); callbackUrl.searchParams.append("code", this.session.token);
if (getUrlParams().state) if (getUrlParams().state)
callbackUrl.searchParams.append( callbackUrl.searchParams.append(