🐛 Fixed profile injection panic in /userinfo route
parent
1480f58cac
commit
460bd1a657
|
@ -16,10 +16,10 @@ import (
|
||||||
|
|
||||||
type (
|
type (
|
||||||
UserInformationResponse struct {
|
UserInformationResponse struct {
|
||||||
Name string `json:"name,omitempty"`
|
Name string `json:"name,omitempty"`
|
||||||
URL *domain.URL `json:"url,omitempty"`
|
URL string `json:"url,omitempty"`
|
||||||
Photo *domain.URL `json:"photo,omitempty"`
|
Photo string `json:"photo,omitempty"`
|
||||||
Email *domain.Email `json:"email,omitempty"`
|
Email string `json:"email,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
RequestHandler struct {
|
RequestHandler struct {
|
||||||
|
@ -75,21 +75,32 @@ func (h *RequestHandler) handleUserInformation(ctx *http.RequestCtx) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if !tkn.Scope.Has(domain.ScopeProfile) && !tkn.Scope.Has(domain.ScopeEmail) {
|
if !tkn.Scope.Has(domain.ScopeProfile) {
|
||||||
ctx.SetStatusCode(http.StatusForbidden)
|
ctx.SetStatusCode(http.StatusForbidden)
|
||||||
|
|
||||||
_ = encoder.Encode(domain.NewError(
|
_ = encoder.Encode(domain.NewError(
|
||||||
domain.ErrorCodeInsufficientScope,
|
domain.ErrorCodeInsufficientScope,
|
||||||
"token with 'profile' and/or 'email' scopes is required to view profile data",
|
"token with 'profile' scope is required to view profile data",
|
||||||
"https://indieauth.net/source/#user-information",
|
"https://indieauth.net/source/#user-information",
|
||||||
))
|
))
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
_ = encoder.Encode(&UserInformationResponse{
|
resp := new(UserInformationResponse)
|
||||||
Name: "",
|
if tkn.Extra == nil {
|
||||||
URL: &domain.URL{},
|
_ = encoder.Encode(resp)
|
||||||
Photo: &domain.URL{},
|
|
||||||
Email: &domain.Email{},
|
return
|
||||||
})
|
}
|
||||||
|
|
||||||
|
resp.Name, _ = tkn.Extra["name"].(string)
|
||||||
|
resp.URL, _ = tkn.Extra["url"].(string)
|
||||||
|
resp.Photo, _ = tkn.Extra["photo"].(string)
|
||||||
|
|
||||||
|
if tkn.Scope.Has(domain.ScopeEmail) {
|
||||||
|
resp.Email, _ = tkn.Extra["email"].(string)
|
||||||
|
}
|
||||||
|
|
||||||
|
_ = encoder.Encode(resp)
|
||||||
}
|
}
|
||||||
|
|
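Review bot: The four assertions in the second hunk (`resp.Name, _ = tkn.Extra["name"].(string)` and the `url`, `photo` and `email` lines) discard the `ok` result, so a value stored under those keys as anything other than a plain `string` becomes an empty field in a 200 response with no trace. The code that fills `tkn.Extra` is not visible here; if it stores typed values such as the `*domain.URL` / `*domain.Email` the old struct used, every field would come back empty. Consider checking `ok` and logging when a key is present but has an unexpected type, and add a regression test for a token with nil `Extra` and one with non-string values. A short comment above the `if tkn.Scope.Has(domain.ScopeEmail)` guard, e.g. `// email is released only when the token also carries the 'email' scope`, would make the disclosure rule explicit for later editors. `handleUserInformation` begins before this hunk, so the token lookup and encoder setup were not reviewed.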