Skip to content

Commit

Permalink
refactor(endpoint-auth): coerce incoming parameters to strings
Browse files Browse the repository at this point in the history
  • Loading branch information
@paulrobertlloyd
paulrobertlloyd committed May 26, 2023
1 parent 7d66a10 commit b1034c2
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
6 changes: 3 additions & 3 deletions packages/endpoint-auth/lib/controllers/authorization.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ export const authorizationController = {
}

// `response_type` must be `code` (or deprecated `id`)
if (!/^(code|id)$/.test(request.query.response_type)) {
if (!/^(code|id)$/.test(String(request.query.response_type))) {
throw IndiekitError.badRequest(
response.locals.__("BadRequestError.invalidValue", "response_type")
);
Expand All @@ -54,7 +54,7 @@ export const authorizationController = {

// Canonicalise URLs for later comparison
if (request.query[uri]) {
request.query[uri] = getCanonicalUrl(request.query[uri]);
request.query[uri] = getCanonicalUrl(String(request.query[uri]));
}
}

Expand All @@ -70,7 +70,7 @@ export const authorizationController = {
}

// Add client information to locals
request.app.locals.client = await getClientInformation(client_id);
request.app.locals.client = await getClientInformation(String(client_id));

// Use PKCE if code challenge parameters provided
request.app.locals.usePkce = code_challenge && code_challenge_method;
Expand Down
2 changes: 1 addition & 1 deletion packages/endpoint-auth/lib/pushed-authorization-request.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ export const createRequestUri = (request) => {
*/
export const getRequestUriData = (request) => {
const { request_uri } = request.query;
const reference = request_uri.split(":")[5];
const reference = String(request_uri).split(":")[5];

return request.app.locals[reference];
};

0 comments on commit b1034c2

Please sign in to comment.