QOAuth2DeviceAuthorizationFlow: prevent double lookup into QJsonObject

Also use QUrl::setUrl() instead of relying on the implicit conversion of QString -> QUrl. Spotted by Marc in code review. Amends f14ca3be866db0f745d9e3da0b82fb8e36784cb4 and 164e2d897fb7c3a60b518985774a4faa360ba2c9. Pick-to: 6.10 Change-Id: I048fd47af4edfe3530f9f451698fe8080cb75d7d Reviewed-by: Marc Mutz <marc.mutz@qt.io>
author: Ahmad Samir <a.samirh78@gmail.com> 2025-11-28 21:53:45 +0200
committer: Ahmad Samir <a.samirh78@gmail.com> 2025-12-01 18:08:55 +0200
commit: 2461b297982d6606bd8a8fb2a880dc984e9025c9 (patch)
tree: bf0d3b43b3174b7bf99985e79550dbf428545812 /src/oauth/qoauth2deviceauthorizationflow.cpp
parent: 27b3aa45fef0b4ff4f64869425dcafd8fd612382 (diff)
1 files changed, 8 insertions, 11 deletions
diff --git a/src/oauth/qoauth2deviceauthorizationflow.cpp b/src/oauth/qoauth2deviceauthorizationflow.cpp
index d0f6003..7a77f79 100644
--- a/src/oauth/qoauth2deviceauthorizationflow.cpp
+++ b/src/oauth/qoauth2deviceauthorizationflow.cpp
@@ -205,10 +205,10 @@ void QOAuth2DeviceAuthorizationFlowPrivate::authorizationReplyFinished(QRestRepl
     const auto receivedExpiresIn = data.value(QtOAuth2RfcKeywords::expiresIn).toInt();
     QUrl receivedVerificationUrl;
     // The RFC keyword is 'verification_uri', but some auth servers provide 'verification_url'
-    if (data.contains(QtOAuth2RfcKeywords::verificationUri))
-        receivedVerificationUrl = data.value(QtOAuth2RfcKeywords::verificationUri).toString();
-    else if (data.contains(QtOAuth2RfcKeywords::verificationUrl))
-        receivedVerificationUrl = data.value(QtOAuth2RfcKeywords::verificationUrl).toString();
+    if (auto it = data.find(QtOAuth2RfcKeywords::verificationUri); it != data.end())
+        receivedVerificationUrl.setUrl(it->toString());
+    else if (auto it = data.find(QtOAuth2RfcKeywords::verificationUrl); it != data.end())
+        receivedVerificationUrl.setUrl(it->toString());
 
     if (receivedDeviceCode.isEmpty() || receivedUserCode.isEmpty()
         || receivedVerificationUrl.isEmpty() || receivedExpiresIn <= 0) {
@@ -244,13 +244,10 @@ void QOAuth2DeviceAuthorizationFlowPrivate::authorizationReplyFinished(QRestRepl
     QUrl receivedVerificationUrlComplete;
     // The RFC keyword is 'verification_uri_complete', but some auth servers
     // use 'verification_url_complete'
-    if (data.contains(QtOAuth2RfcKeywords::completeVerificationUri)) {
-        receivedVerificationUrlComplete =
-            data.value(QtOAuth2RfcKeywords::completeVerificationUri).toString();
-    } else if (data.contains(QtOAuth2RfcKeywords::completeVerificationUrl)) {
-        receivedVerificationUrlComplete =
-            data.value(QtOAuth2RfcKeywords::completeVerificationUrl).toString();
-    }
+    if (auto it = data.find(QtOAuth2RfcKeywords::completeVerificationUri); it != data.end())
+        receivedVerificationUrlComplete.setUrl(it->toString());
+    else if (auto it = data.find(QtOAuth2RfcKeywords::completeVerificationUrl); it != data.end())
+        receivedVerificationUrlComplete.setUrl(it->toString());
 
     deviceCode = std::move(receivedDeviceCode);
     setUserCode(receivedUserCode);
author	Ahmad Samir <a.samirh78@gmail.com>	2025-11-28 21:53:45 +0200
committer	Ahmad Samir <a.samirh78@gmail.com>	2025-12-01 18:08:55 +0200
commit	2461b297982d6606bd8a8fb2a880dc984e9025c9 (patch)
tree	bf0d3b43b3174b7bf99985e79550dbf428545812 /src/oauth/qoauth2deviceauthorizationflow.cpp
parent	27b3aa45fef0b4ff4f64869425dcafd8fd612382 (diff)