diff options
| author | Juha Vuolle <juha.vuolle@qt.io> | 2024-05-20 12:55:35 +0300 |
|---|---|---|
| committer | Juha Vuolle <juha.vuolle@qt.io> | 2024-05-24 13:02:49 +0300 |
| commit | a4f8012a38636316d4e09cedf4e1b80c05e89a7e (patch) | |
| tree | 1b311a77ceac7bb8f8eda9547147cec9c9feb02f /src/oauth/qoauthhttpserverreplyhandler.cpp | |
| parent | 97c7ecd218a2fe3bc8958d336c75749ad9114416 (diff) | |
Cache callback value / redirect_uri for later use
According to 'RFC 8252 Section 8.3' the loopback listening
should be closed after receiving authorization response.
There were however two things preventing application developers
from doing this:
1) The callback (aka redirect_uri) is needed in the subsequent
access token request (note: listening is not needed anymore).
2) The callback (aka redirect_uri) is currently used also in
refresh token request (this is unnecessary though, and should
be removed in a follow-up commit).
But the problem for these two was that the
QOAuthHttpServerReplyHandler::callback() code asserted (debug)
or just returned a wrong value (release) if the handler wasn't
listening. This made it unfeasible to close the handler in a
timely manner.
With this commit the callback/redirect_uri is cached, and
consequently the handler can be closed immediately after
authorization.
Pick-to: 6.2
Fixes: QTBUG-124333
Change-Id: I063637029908ed4fa0390a0cb07511c92bd51874
Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
Reviewed-by: MÃ¥rten Nordheim <marten.nordheim@qt.io>
(cherry picked from commit 67b2aec9dd987fc4ea0a7c817639b36380ccaf80)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 649288461116e5dfe7a13bdb07bd5fb61b245e5f)
Diffstat (limited to 'src/oauth/qoauthhttpserverreplyhandler.cpp')
| -rw-r--r-- | src/oauth/qoauthhttpserverreplyhandler.cpp | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/src/oauth/qoauthhttpserverreplyhandler.cpp b/src/oauth/qoauthhttpserverreplyhandler.cpp index 4a43a37..65122aa 100644 --- a/src/oauth/qoauthhttpserverreplyhandler.cpp +++ b/src/oauth/qoauthhttpserverreplyhandler.cpp @@ -39,6 +39,13 @@ QOAuthHttpServerReplyHandlerPrivate::~QOAuthHttpServerReplyHandlerPrivate() httpServer.close(); } +QString QOAuthHttpServerReplyHandlerPrivate::callback() const +{ + const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") + .arg(callbackPort).arg(path)); + return url.toString(QUrl::EncodeDelimiters); +} + void QOAuthHttpServerReplyHandlerPrivate::_q_clientConnected() { QTcpSocket *socket = httpServer.nextPendingConnection(); @@ -251,11 +258,7 @@ QOAuthHttpServerReplyHandler::~QOAuthHttpServerReplyHandler() QString QOAuthHttpServerReplyHandler::callback() const { Q_D(const QOAuthHttpServerReplyHandler); - - Q_ASSERT(d->httpServer.isListening()); - const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") - .arg(d->httpServer.serverPort()).arg(d->path)); - return url.toString(QUrl::EncodeDelimiters); + return d->callback(); } QString QOAuthHttpServerReplyHandler::callbackPath() const @@ -296,7 +299,13 @@ quint16 QOAuthHttpServerReplyHandler::port() const bool QOAuthHttpServerReplyHandler::listen(const QHostAddress &address, quint16 port) { Q_D(QOAuthHttpServerReplyHandler); - return d->httpServer.listen(address, port); + const bool success = d->httpServer.listen(address, port); + + if (success) { + // Callback ('redirect_uri') value may be needed after this handler is closed + d->callbackPort = d->httpServer.serverPort(); + } + return success; } void QOAuthHttpServerReplyHandler::close() |