Skip to content

Commit

Permalink
Allows multipart content type as alternative to x-www-form-urlencoded (
Browse files Browse the repository at this point in the history
  • Loading branch information
budougumi0617 committed Jun 7, 2018
1 parent 6ebd68d commit b661a03
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 7 deletions.
2 changes: 1 addition & 1 deletion access_request_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ func (f *Fosite) NewAccessRequest(ctx context.Context, r *http.Request, session

if r.Method != "POST" {
return accessRequest, errors.WithStack(ErrInvalidRequest.WithDebug("HTTP method is not POST"))
} else if err := r.ParseForm(); err != nil {
} else if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
return accessRequest, errors.WithStack(ErrInvalidRequest.WithDebug(err.Error()))
}

Expand Down
2 changes: 1 addition & 1 deletion authorize_request_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ func (c *Fosite) NewAuthorizeRequest(ctx context.Context, r *http.Request) (Auth
Request: *NewRequest(),
}

if err := r.ParseForm(); err != nil {
if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
return request, errors.WithStack(ErrInvalidRequest.WithDebug(err.Error()))
}

Expand Down
2 changes: 1 addition & 1 deletion integration/helper_endpoints_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,7 +132,7 @@ func authCallbackHandler(t *testing.T) func(rw http.ResponseWriter, req *http.Re

func tokenEndpointHandler(t *testing.T, provider fosite.OAuth2Provider) func(rw http.ResponseWriter, req *http.Request) {
return func(rw http.ResponseWriter, req *http.Request) {
req.ParseForm()
req.ParseMultipartForm(1 << 20)
ctx := fosite.NewContext()

accessRequest, err := provider.NewAccessRequest(ctx, req, &oauth2.JWTSession{})
Expand Down
3 changes: 1 addition & 2 deletions introspect.go
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,7 @@ func AccessTokenFromRequest(req *http.Request) string {
if len(split) != 2 || !strings.EqualFold(split[0], "bearer") {
// Nothing in Authorization header, try access_token
// Empty string returned if there's no such parameter
err := req.ParseForm()
if err != nil {
if err := req.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
return ""
}
return req.Form.Get("access_token")
Expand Down
5 changes: 4 additions & 1 deletion introspection_request_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -114,9 +114,12 @@ import (
func (f *Fosite) NewIntrospectionRequest(ctx context.Context, r *http.Request, session Session) (IntrospectionResponder, error) {
if r.Method != "POST" {
return &IntrospectionResponse{Active: false}, errors.WithStack(ErrInvalidRequest.WithDebug("HTTP method is not POST"))
} else if err := r.ParseForm(); err != nil {
} else if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
return &IntrospectionResponse{Active: false}, errors.WithStack(ErrInvalidRequest.WithDebug(err.Error()))
}
if len(r.PostForm) == 0 {
return &IntrospectionResponse{Active: false}, errors.WithStack(ErrInvalidRequest.WithDebug("missing form body"))
}

token := r.PostForm.Get("token")
tokenType := r.PostForm.Get("token_type_hint")
Expand Down
5 changes: 4 additions & 1 deletion revoke_handler.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,12 @@ import (
func (f *Fosite) NewRevocationRequest(ctx context.Context, r *http.Request) error {
if r.Method != "POST" {
return errors.WithStack(ErrInvalidRequest.WithDebug("HTTP method is not POST"))
} else if err := r.ParseForm(); err != nil {
} else if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
return errors.WithStack(ErrInvalidRequest.WithDebug(err.Error()))
}
if len(r.PostForm) == 0 {
return errors.WithStack(ErrInvalidRequest.WithDebug("missing form body"))
}

clientID, clientSecret, ok := r.BasicAuth()
if !ok {
Expand Down

0 comments on commit b661a03

Please sign in to comment.