From a4f8012a38636316d4e09cedf4e1b80c05e89a7e Mon Sep 17 00:00:00 2001 From: Juha Vuolle Date: Mon, 20 May 2024 12:55:35 +0300 Subject: Cache callback value / redirect_uri for later use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit According to 'RFC 8252 Section 8.3' the loopback listening should be closed after receiving authorization response. There were however two things preventing application developers from doing this: 1) The callback (aka redirect_uri) is needed in the subsequent access token request (note: listening is not needed anymore). 2) The callback (aka redirect_uri) is currently used also in refresh token request (this is unnecessary though, and should be removed in a follow-up commit). But the problem for these two was that the QOAuthHttpServerReplyHandler::callback() code asserted (debug) or just returned a wrong value (release) if the handler wasn't listening. This made it unfeasible to close the handler in a timely manner. With this commit the callback/redirect_uri is cached, and consequently the handler can be closed immediately after authorization. Pick-to: 6.2 Fixes: QTBUG-124333 Change-Id: I063637029908ed4fa0390a0cb07511c92bd51874 Reviewed-by: Ivan Solovev Reviewed-by: MÃ¥rten Nordheim (cherry picked from commit 67b2aec9dd987fc4ea0a7c817639b36380ccaf80) Reviewed-by: Qt Cherry-pick Bot (cherry picked from commit 649288461116e5dfe7a13bdb07bd5fb61b245e5f) --- src/oauth/qoauthhttpserverreplyhandler.cpp | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'src/oauth/qoauthhttpserverreplyhandler.cpp') diff --git a/src/oauth/qoauthhttpserverreplyhandler.cpp b/src/oauth/qoauthhttpserverreplyhandler.cpp index 4a43a37..65122aa 100644 --- a/src/oauth/qoauthhttpserverreplyhandler.cpp +++ b/src/oauth/qoauthhttpserverreplyhandler.cpp @@ -39,6 +39,13 @@ QOAuthHttpServerReplyHandlerPrivate::~QOAuthHttpServerReplyHandlerPrivate() httpServer.close(); } +QString QOAuthHttpServerReplyHandlerPrivate::callback() const +{ + const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") + .arg(callbackPort).arg(path)); + return url.toString(QUrl::EncodeDelimiters); +} + void QOAuthHttpServerReplyHandlerPrivate::_q_clientConnected() { QTcpSocket *socket = httpServer.nextPendingConnection(); @@ -251,11 +258,7 @@ QOAuthHttpServerReplyHandler::~QOAuthHttpServerReplyHandler() QString QOAuthHttpServerReplyHandler::callback() const { Q_D(const QOAuthHttpServerReplyHandler); - - Q_ASSERT(d->httpServer.isListening()); - const QUrl url(QString::fromLatin1("http://127.0.0.1:%1/%2") - .arg(d->httpServer.serverPort()).arg(d->path)); - return url.toString(QUrl::EncodeDelimiters); + return d->callback(); } QString QOAuthHttpServerReplyHandler::callbackPath() const @@ -296,7 +299,13 @@ quint16 QOAuthHttpServerReplyHandler::port() const bool QOAuthHttpServerReplyHandler::listen(const QHostAddress &address, quint16 port) { Q_D(QOAuthHttpServerReplyHandler); - return d->httpServer.listen(address, port); + const bool success = d->httpServer.listen(address, port); + + if (success) { + // Callback ('redirect_uri') value may be needed after this handler is closed + d->callbackPort = d->httpServer.serverPort(); + } + return success; } void QOAuthHttpServerReplyHandler::close() -- cgit v1.2.3