
Commit cb251bd

committed
Fix ACI0105928 : 4DNetKit: getToken fails when the state parameter contains special characters
1 parent a516558 commit cb251bd


1 file changed

+43
-9
lines changed


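--- a/Project/Sources/Classes/OAuth2Provider.4dm
+++ b/Project/Sources/Classes/OAuth2Provider.4dm
@@ -236,7 +236,14 @@ Class constructor($inParams : Object)
 This.clientAssertionType:="urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
 End if
 
-This.state:=Choose(((Value type($inParams.state)=Is text) && (Length($inParams.state)>0)); $inParams.state; Generate UUID)
+If ((Value type($inParams.state)=Is text) && (Length($inParams.state)>0))
+This.state:=This._cleanString($inParams.state) // Keep only letters, digits, - and _
+If (Length(This.state)=0)
+This.state:=Generate UUID
+End if
+Else
+This.state:=Generate UUID
+End if
 If ((Value type($inParams.nonce)=Is text) && (Length($inParams.nonce)>0))
 This.nonce:=$inParams.nonce
 End if
@@ -246,10 +253,37 @@ Class constructor($inParams : Object)
 
 This._finally()
 
+
 // Mark: - [Private]
 // ----------------------------------------------------
 
 
+Function _cleanString($inString : Text) : Text
+
+var $string : Text:=""
+var $i; $code : Integer
+var $len : Integer:=Length($inString)
+var $c : Text
+
+For ($i; 1; $len)
+$c:=Substring($inString; $i; 1)
+$code:=Character code($c)
+
+// Keep only letter (A-Z, a-z), numbers (0-9), and '-', '_'
+If ((($code>=48) && ($code<=57)) || \
+(($code>=65) && ($code<=90)) || \
+(($code>=97) && ($code<=122)) || \
+(($c="-") || ($c="_")))
+$string+=$c
+End if
+End for
+
+return $string
+
+
+// ----------------------------------------------------
+
+
 Function _generateCodeChallenge($codeVerifier : Text) : Text
 
 If (This.PKCEMethod="plain")
@@ -481,18 +515,18 @@ Function _getToken_SignedIn($bUseRefreshToken : Boolean) : Object
 var $params : cs.URL:=cs.URL.new()
 var $bSendRequest : Boolean:=True
 If ($bUseRefreshToken)
-
+
 $params.addQueryParameter("client_id"; This.clientId)
 If (Length(This.scope)>0)
 $params.addQueryParameter("scope"; cs.Tools.me.urlEncode(This.scope))
-End if
+End if
 $params.addQueryParameter("refresh_token"; This.token.refresh_token)
 $params.addQueryParameter("grant_type"; "refresh_token")
 If (Length(This.clientSecret)>0)
 $params.addQueryParameter("client_secret"; This.clientSecret)
-End if
-
-Else
+End if
+
+Else
 
 If (Length(String(This.redirectURI))>0)
 
@@ -528,7 +562,7 @@ Function _getToken_SignedIn($bUseRefreshToken : Boolean) : Object
 var $authorizationCode : Text:=This._getAuthorizationCode()
 
 If (Length($authorizationCode)>0)
-
+
 $params.addQueryParameter("client_id"; This.clientId)
 $params.addQueryParameter("grant_type"; "authorization_code")
 $params.addQueryParameter("code"; $authorizationCode)
@@ -540,7 +574,7 @@ Function _getToken_SignedIn($bUseRefreshToken : Boolean) : Object
 $params.addQueryParameter("client_secret"; This.clientSecret)
 End if
 $params.addQueryParameter("scope"; cs.Tools.me.urlEncode(This.scope))
-
+
 Else
 
 $bSendRequest:=False
@@ -623,7 +657,7 @@ Function _getToken_Service() : Object
 $params.addQueryParameter("client_assertion"; $bearer)
 
 Else
-
+
 $params.addQueryParameter("client_id"; This.clientId)
 If (Length(This.scope)>0)
 $params.addQueryParameter("scope"; cs.Tools.me.urlEncode(This.scope))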
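Review bot: `This.state:=This._cleanString($inParams.state)` in the constructor hunk silently rewrites the caller-supplied state, so a caller that keeps its own copy to compare against the value echoed back on the redirect will no longer match whenever the original contained anything outside `[A-Za-z0-9_-]`, and because state is the CSRF binding between the authorization request and the callback, that divergence should be explicit rather than a quiet substitution. The underlying failure (special characters breaking getToken) reads like a URL-encoding problem on the wire, and this same file already percent-encodes `scope` through `cs.Tools.me.urlEncode(This.scope)` in the `_getToken_SignedIn` and `_getToken_Service` hunks, so encoding `state` at the point where it is written into the authorization URL would preserve the value instead of altering it; that URL-building code is not visible in these hunks, so confirm where state is emitted. If stripping is the intended contract, say so on the constructor, e.g. `// state is reduced to [A-Za-z0-9_-]; callers must read This.state back rather than reuse $inParams.state`, and consider logging when the cleaned value differs from the input so a mismatch on the callback is diagnosable. The `_cleanString` helper is complete within the hunk, but `Class constructor` begins before the first hunk.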
