upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25

fix(oauth2): Do not store the code in throttle metadata

Browse source 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
This commit is contained in:
Côme Chilliet 2026-03-19 14:25:14 +01:00 committed by Côme Chilliet
parent a797903c86
commit 333d68067a
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
apps/oauth2/lib/Controller/OauthApiController.php
View file

@ -93,7 +93,7 @@ class OauthApiController extends Controller {
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'token not found', 'code' => $code]);
$response->throttle(['invalid_request' => 'token not found']);
return $response;
}

4
apps/oauth2/tests/Controller/OauthApiControllerTest.php
View file

@ -98,7 +98,7 @@ class OauthApiControllerTest extends TestCase {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidcode']);
$expected->throttle(['invalid_request' => 'token not found']);
$this->accessTokenMapper->method('getByCode')
->with('invalidcode')
@ -194,7 +194,7 @@ class OauthApiControllerTest extends TestCase {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$expected->throttle(['invalid_request' => 'token not found', 'code' => 'invalidrefresh']);
$expected->throttle(['invalid_request' => 'token not found']);
$this->accessTokenMapper->method('getByCode')
->with('invalidrefresh')