Deprecate dangerous feature
This commit is contained in:
parent
65b3289900
commit
fad92c5930
@ -308,7 +308,6 @@ pub async fn token(req: HttpRequest,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Check code challenge, if needed
|
// Check code challenge, if needed
|
||||||
if !client.disable_code_verifier.unwrap_or(false) {
|
|
||||||
if let Some(chall) = &session.code_challenge {
|
if let Some(chall) = &session.code_challenge {
|
||||||
let code_verifier = match &q.code_verifier {
|
let code_verifier = match &q.code_verifier {
|
||||||
None => {
|
None => {
|
||||||
@ -321,7 +320,7 @@ pub async fn token(req: HttpRequest,
|
|||||||
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
|
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
if session.access_token.is_some() {
|
if session.access_token.is_some() {
|
||||||
return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
|
return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
|
||||||
|
@ -11,7 +11,6 @@ pub struct Client {
|
|||||||
pub description: String,
|
pub description: String,
|
||||||
pub secret: String,
|
pub secret: String,
|
||||||
pub redirect_uri: String,
|
pub redirect_uri: String,
|
||||||
pub disable_code_verifier: Option<bool>,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
impl PartialEq for Client {
|
impl PartialEq for Client {
|
||||||
|
Loading…
Reference in New Issue
Block a user