fix(oauth): make the throttling reason more specific

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
This commit is contained in:
Julien Veyssier 2026-04-08 15:19:36 +02:00 committed by backportbot[bot]
parent f2ea66410b
commit 4760f6b017
2 changed files with 5 additions and 2 deletions


@ -181,6 +181,9 @@ class OauthApiController extends Controller {
$newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
$newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
$newEncryptedToken = $this->crypto->encrypt($newToken, $newCode);
$redeemedThrottleReason = $grant_type === 'authorization_code'
? 'authorization_code_already_redeemed'
: 'refresh_token_already_redeemed';
$tokenRotated = false;
$this->db->beginTransaction();
@ -211,7 +214,7 @@ class OauthApiController extends Controller {
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'token already redeemed']);
$response->throttle(['invalid_request' => $redeemedThrottleReason]);
return $response;
}
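Review bot: The ternary added at the top of the first hunk labels every grant type other than `authorization_code` as `refresh_token_already_redeemed`, so the accuracy of the throttle reason depends on `$grant_type` having been restricted to exactly those two values earlier in the method, which is outside this hunk; a one-line comment at the assignment would make that dependency visible, e.g. `// $grant_type is already limited to authorization_code|refresh_token above`. Because this string is passed to `throttle()` and presumably ends up in the bruteforce-protection metadata that operators see when investigating throttled clients, keeping it accurate matters more than for an ordinary log message. As a point of style, the value has its only use in the second hunk, some thirty lines later and after the transaction begins, so computing it at the `throttle()` call would keep the two together. The enclosing method continues outside both hunks.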


@ -656,7 +656,7 @@ class OauthApiControllerTest extends TestCase {
$expected = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$expected->throttle(['invalid_request' => 'token already redeemed']);
$expected->throttle(['invalid_request' => 'refresh_token_already_redeemed']);
$accessToken = new AccessToken();
$accessToken->setId(21);
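Review bot: The updated expectation only covers the refresh-token branch of the new controller logic; there is no assertion that a replayed authorization code is throttled with `'authorization_code_already_redeemed'`, so a regression in that branch of the ternary would pass this suite unnoticed. A sibling test for the `authorization_code` grant type that builds the same expected response with `$expected->throttle(['invalid_request' => 'authorization_code_already_redeemed']);` would pin both reasons. The test method begins and ends outside the hunk, so the request setup that would need to change is not visible here.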