Chromium Code Reviews| Index: remoting/webapp/third_party_token_fetcher.js |
| diff --git a/remoting/webapp/third_party_token_fetcher.js b/remoting/webapp/third_party_token_fetcher.js |
| index a16246cd0109067ea9411bdb557c6b3a53fc30e5..0d1751259e98fff3e5b7297b84e5aeafd9ef7a1d 100644 |
| --- a/remoting/webapp/third_party_token_fetcher.js |
| +++ b/remoting/webapp/third_party_token_fetcher.js |
| @@ -88,36 +88,33 @@ remoting.ThirdPartyTokenFetcher.prototype.parseRedirectUrl_ = |
| function(responseUrl) { |
| var token = ''; |
| var sharedSecret = ''; |
| - if (responseUrl && |
| - responseUrl.search(this.redirectUri_ + '#') == 0) { |
| - var query = responseUrl.substring(this.redirectUri_.length + 1); |
| - var parts = query.split('&'); |
| - /** @type {Object.<string>} */ |
| - var queryArgs = {}; |
| - for (var i = 0; i < parts.length; i++) { |
| - var pair = parts[i].split('='); |
| - queryArgs[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); |
| - } |
| + var query = responseUrl.substring(responseUrl.search('#') + 1); |
|
Wez
2013/08/09 00:35:28
Old code coped with an empty responseUrl - don't w
rmsousa
2013/08/09 01:44:00
being pedantic: the new code was also (accidentall
|
| + var parts = query.split('&'); |
| + /** @type {Object.<string>} */ |
| + var queryArgs = {}; |
| + for (var i = 0; i < parts.length; i++) { |
| + var pair = parts[i].split('='); |
| + queryArgs[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1]); |
| + } |
| - // Check that 'state' contains the same XSRF token we sent in the request. |
| - var xsrfToken = queryArgs['state']; |
| - if (xsrfToken == this.xsrfToken_ && |
| - 'code' in queryArgs && 'access_token' in queryArgs) { |
| - // Terminology note: |
| - // In the OAuth code/token exchange semantics, 'code' refers to the value |
| - // obtained when the *user* authenticates itself, while 'access_token' is |
| - // the value obtained when the *application* authenticates itself to the |
| - // server ("implicitly", by receiving it directly in the URL fragment, or |
| - // explicitly, by sending the 'code' and a 'client_secret' to the server). |
| - // Internally, the piece of data obtained when the user authenticates |
| - // itself is called the 'token', and the one obtained when the host |
| - // authenticates itself (using the 'token' received from the client and |
| - // its private key) is called the 'shared secret'. |
| - // The client implicitly authenticates itself, and directly obtains the |
| - // 'shared secret', along with the 'token' from the redirect URL fragment. |
| - token = queryArgs['code']; |
| - sharedSecret = queryArgs['access_token']; |
| - } |
| + // Check that 'state' contains the same XSRF token we sent in the request. |
| + var xsrfToken = queryArgs['state']; |
| + if (xsrfToken == this.xsrfToken_ && |
| + 'code' in queryArgs && 'access_token' in queryArgs) { |
| + // Terminology note: |
| + // In the OAuth code/token exchange semantics, 'code' refers to the value |
| + // obtained when the *user* authenticates itself, while 'access_token' is |
| + // the value obtained when the *application* authenticates itself to the |
| + // server ("implicitly", by receiving it directly in the URL fragment, or |
| + // explicitly, by sending the 'code' and a 'client_secret' to the server). |
| + // Internally, the piece of data obtained when the user authenticates |
| + // itself is called the 'token', and the one obtained when the host |
| + // authenticates itself (using the 'token' received from the client and |
| + // its private key) is called the 'shared secret'. |
| + // The client implicitly authenticates itself, and directly obtains the |
| + // 'shared secret', along with the 'token' from the redirect URL fragment. |
| + token = queryArgs['code']; |
| + sharedSecret = queryArgs['access_token']; |
| } |
| this.onThirdPartyTokenFetched_(token, sharedSecret); |
| }; |
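Review bot: On the new line `var query = responseUrl.substring(responseUrl.search('#') + 1);`, a responseUrl that contains no '#' makes search() return -1, so substring(0) hands the entire URL to the '&'/'=' parser instead of an empty fragment; the removed prefix check against this.redirectUri_ had guaranteed both that a '#' was present and that the response arrived on the expected redirect URI, and neither guarantee survives, leaving the `state` comparison below as the only check on where the URL came from. Since '#' is a literal, String.prototype.indexOf is also the clearer call than search(), which builds a RegExp from its argument. Something like `var hashIndex = responseUrl.indexOf('#');` followed by `var query = hashIndex >= 0 ? responseUrl.substring(hashIndex + 1) : '';` keeps token and sharedSecret empty when no fragment is present. Whether dropping the redirectUri_ prefix check was deliberate is not visible from the hunk; if it was, a one-line comment saying why would help the next reader.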