
Commit 250ff44

committed
fix(oauth): make the throttling reason more specific
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent 0f5923f commit 250ff44

2 files changed

Lines changed: 5 additions & 2 deletions


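--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -181,6 +181,9 @@ public function getToken(
 $newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
 $newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
 $newEncryptedToken = $this->crypto->encrypt($newToken, $newCode);
+$redeemedThrottleReason = $grant_type === 'authorization_code'
+? 'authorization_code_already_redeemed'
+: 'refresh_token_already_redeemed';
 $tokenRotated = false;
 
 $this->db->beginTransaction();
@@ -211,7 +214,7 @@ public function getToken(
 $response = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$response->throttle(['invalid_request' => 'token already redeemed']);
+$response->throttle(['invalid_request' => $redeemedThrottleReason]);
 return $response;
 }
 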
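Review bot: The ternary added at line 184 labels every grant_type other than 'authorization_code' as a refresh-token replay; if getToken rejects unknown grant types before this point (outside the hunk) the label is exact, otherwise an unexpected grant_type would be throttled under a misleading reason. A one-line comment would make that dependency visible to the next reader: `// grant_type is either authorization_code or refresh_token here (validated earlier), so the fallback is the refresh-token case`. The second hunk's throttle metadata now tells a replayed authorization code apart from a replayed refresh token, which is the useful part of this change for anyone reading the brute-force protection log. getToken starts and ends outside the hunk.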
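--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -656,7 +656,7 @@ public function testRefreshTokenRedeemedConcurrently(): void {
 $expected = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$expected->throttle(['invalid_request' => 'token already redeemed']);
+$expected->throttle(['invalid_request' => 'refresh_token_already_redeemed']);
 
 $accessToken = new AccessToken();
 $accessToken->setId(21);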
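Review bot: Only the refresh-token expectation is updated here; nothing in this hunk asserts the new 'authorization_code_already_redeemed' reason, so the authorization_code branch of the ternary in OauthApiController::getToken is left without coverage unless another test outside this diff exercises it. A sibling test mirroring testRefreshTokenRedeemedConcurrently for the authorization_code grant, expecting `$expected->throttle(['invalid_request' => 'authorization_code_already_redeemed']);`, would pin both reason strings. testRefreshTokenRedeemedConcurrently continues outside the hunk.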
