
Commit 2293065

committedJul 19, 2018
[oauth] Code cleaning and safety checks before accessing
input string lists by index
1 parent ad7a574 commit 2293065


1 file changed

+32
-22
lines changed

 

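--- a/src/auth/oauth2/qgsauthoauth2edit.cpp
+++ b/src/auth/oauth2/qgsauthoauth2edit.cpp
@@ -156,10 +156,6 @@ void QgsAuthOAuth2Edit::setupConnections()
 } );
 connect( btnRegister, &QPushButton::clicked, this, &QgsAuthOAuth2Edit::getSoftwareStatementConfig );
 
-// FIXME: in the testbed13 code this signal does not exists (but a connection was attempted)
-//connect( this, &QgsAuthOAuth2Edit::configSucceeded, this, &QgsAuthOAuth2Edit::registerSoftStatement );
-
-
 // Custom config editing connections
 connect( cmbbxGrantFlow, static_cast<void ( QComboBox::* )( int )>( &QComboBox::currentIndexChanged ),
 this, &QgsAuthOAuth2Edit::updateGrantFlow ); // also updates GUI
@@ -267,7 +263,7 @@ void QgsAuthOAuth2Edit::loadConfig( const QgsStringMap &configmap )
 
 //QgsDebugMsg( QStringLiteral( "oauth2config: " ).arg( configmap.value( QStringLiteral( "oauth2config" ) ) ) );
 
-if ( configmap.contains( QStringLiteral( "oauth2config" ) ) )
+if ( configmap.contains( QLatin1Literal( "oauth2config" ) ) )
 {
 tabConfigs->setCurrentIndex( customTab() );
 QByteArray configtxt = configmap.value( QStringLiteral( "oauth2config" ) ).toUtf8();
@@ -298,7 +294,7 @@ void QgsAuthOAuth2Edit::loadConfig( const QgsStringMap &configmap )
 QgsDebugMsg( QStringLiteral( "FAILED to load OAuth2 config: empty config txt" ) );
 }
 }
-else if ( configmap.contains( QStringLiteral( "definedid" ) ) )
+else if ( configmap.contains( QLatin1Literal( "definedid" ) ) )
 {
 tabConfigs->setCurrentIndex( definedTab() );
 QString definedid = configmap.value( QStringLiteral( "definedid" ) );
@@ -499,7 +495,7 @@ void QgsAuthOAuth2Edit::definedCustomDirChanged( const QString &path )
 QFileInfo pinfo( path );
 bool ok = pinfo.exists() || pinfo.isDir();
 
-leDefinedDirPath->setStyleSheet( ok ? "" : QgsAuthGuiUtils::redTextStyleSheet() );
+leDefinedDirPath->setStyleSheet( ok ? QString() : QgsAuthGuiUtils::redTextStyleSheet() );
 
 if ( ok )
 {
@@ -513,7 +509,7 @@ void QgsAuthOAuth2Edit::softwareStatementJwtPathChanged( const QString &path )
 QFileInfo pinfo( path );
 bool ok = pinfo.exists() || pinfo.isFile();
 
-leSoftwareStatementJwtPath->setStyleSheet( ok ? "" : QgsAuthGuiUtils::redTextStyleSheet() );
+leSoftwareStatementJwtPath->setStyleSheet( ok ? QString() : QgsAuthGuiUtils::redTextStyleSheet() );
 
 if ( ok )
 {
@@ -592,7 +588,7 @@ void QgsAuthOAuth2Edit::getSoftStatementDir()
 this->raise();
 this->activateWindow();
 
-if ( softStatementFile.isNull() )
+if ( softStatementFile.isEmpty() )
 {
 return;
 }
@@ -968,14 +964,20 @@ void QgsAuthOAuth2Edit::parseSoftwareStatement( const QString &path )
 }
 if ( softwareStatementBase64.isEmpty() )
 {
-QgsDebugMsg( QStringLiteral( "Error software statement is empty: %1" ).arg( QString( path ) ) );
+QgsDebugMsg( QStringLiteral( "Error software statement is empty: %1" ).arg( path ) );
 file.close();
 return;
 }
 mRegistrationEndpoint = QString();
 file.close();
 mSoftwareStatement.insert( "software_statement", softwareStatementBase64 );
-QByteArray payload = softwareStatementBase64.split( '.' )[1];
+QList<QByteArray> payloadParts( softwareStatementBase64.split( '.' ) );
+if ( payloadParts.count() < 2 )
+{
+QgsDebugMsg( QStringLiteral( "Error parsing JSON: base64 decode returned less than 2 parts" ) );
+return;
+}
+QByteArray payload = payloadParts[1];
 QByteArray decoded = QByteArray::fromBase64( payload/*, QByteArray::Base64UrlEncoding*/ );
 QByteArray errStr;
 bool res = false;
@@ -985,24 +987,32 @@ void QgsAuthOAuth2Edit::parseSoftwareStatement( const QString &path )
 QgsDebugMsg( QStringLiteral( "Error parsing JSON: %1" ).arg( QString( errStr ) ) );
 return;
 }
-if ( jsonData.contains( "grant_types" ) && jsonData.contains( QLatin1Literal( "redirect_uris" ) ) )
+if ( jsonData.contains( QLatin1Literal( "grant_types" ) ) && jsonData.contains( QLatin1Literal( "redirect_uris" ) ) )
 {
-QString grantType = jsonData[QLatin1Literal( "grant_types" ) ].toStringList()[0];
-if ( grantType == QLatin1Literal( "authorization_code" ) )
+QStringList grantTypes( jsonData[QLatin1Literal( "grant_types" ) ].toStringList() );
+if ( grantTypes.count( ) )
 {
-updateGrantFlow( static_cast<int>( QgsAuthOAuth2Config::AuthCode ) );
+QString grantType = grantTypes[0];
+if ( grantType == QLatin1Literal( "authorization_code" ) )
+{
+updateGrantFlow( static_cast<int>( QgsAuthOAuth2Config::AuthCode ) );
+}
+else
+{
+updateGrantFlow( static_cast<int>( QgsAuthOAuth2Config::ResourceOwner ) );
+}
 }
-else
+//Set redirect_uri
+QStringList redirectUris( jsonData[QLatin1Literal( "redirect_uris" ) ].toStringList() );
+if ( redirectUris.count( ) )
 {
-updateGrantFlow( static_cast<int>( QgsAuthOAuth2Config::ResourceOwner ) );
+QString redirectUri = redirectUris[0];
+leRedirectUrl->setText( redirectUri );
 }
-//Set redirect_uri
-QString redirectUri = jsonData[QLatin1Literal( "redirect_uris" ) ].toStringList()[0];
-leRedirectUrl->setText( redirectUri );
 }
 else
 {
-QgsDebugMsgLevel( QStringLiteral( "Error software statement is invalid: %1" ).arg( QString( path ) ), 4 );
+QgsDebugMsgLevel( QStringLiteral( "Error software statement is invalid: %1" ).arg( path ), 4 );
 return;
 }
 if ( jsonData.contains( QLatin1Literal( "registration_endpoint" ) ) )
@@ -1043,7 +1053,7 @@ void QgsAuthOAuth2Edit::configReplyFinished()
 }
 else
 {
-QString errorMsg = QStringLiteral( "Downloading configuration failed with error: %1" ).arg( configReply->errorString() );
+QString errorMsg = tr( "Downloading configuration failed with error: %1" ).arg( configReply->errorString() );
 QgsMessageLog::logMessage( errorMsg, QStringLiteral( "OAuth2" ), Qgis::Critical );
 }
 }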
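Review bot: In parseSoftwareStatement the new `payloadParts.count() < 2` guard returns only after `mSoftwareStatement.insert( "software_statement", softwareStatementBase64 )` has already run, so a statement rejected by the check stays stored in mSoftwareStatement. Whether that value is later sent to a registration endpoint is not visible in these hunks, but moving the `insert` below the new `if` block would keep rejected input out of the member. The debug text says "base64 decode returned less than 2 parts" although the count comes from `split( '.' )` before any decoding; something like `"Error parsing software statement: fewer than 2 '.'-separated parts"` would match what is tested. The unchanged decode line that follows calls `QByteArray::fromBase64` with `QByteArray::Base64UrlEncoding` commented out, while JWT segments are base64url-encoded, so payloads containing `-` or `_` may not decode as intended and this is worth confirming. The function begins and ends outside the hunks shown.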
