
Commit 2c78a35

committed
fix(oauth): make the throttling reason more specific
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent 1015650 commit 2c78a35

2 files changed

Lines changed: 5 additions & 2 deletions

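--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -181,6 +181,9 @@ public function getToken(
 $newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
 $newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
 $newEncryptedToken = $this->crypto->encrypt($newToken, $newCode);
+$redeemedThrottleReason = $grant_type === 'authorization_code'
+? 'authorization_code_already_redeemed'
+: 'refresh_token_already_redeemed';
 $tokenRotated = false;
 
 $this->db->beginTransaction();
@@ -211,7 +214,7 @@ public function getToken(
 $response = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$response->throttle(['invalid_request' => 'token already redeemed']);
+$response->throttle(['invalid_request' => $redeemedThrottleReason]);
 return $response;
 }
 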
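Review bot: The `$redeemedThrottleReason` ternary added at line 184 labels every grant type other than `authorization_code` as `refresh_token_already_redeemed`, so if `$grant_type` could still hold any other value at this point the throttle metadata would be mislabelled. If getToken already rejects unknown grant types earlier (outside the hunk), a one-line comment above the ternary such as `// $grant_type is already limited to authorization_code or refresh_token here` would make that dependency explicit for whoever reads the throttle reasons in the logs. The accompanying test change only pins the refresh-token reason; a second case asserting `authorization_code_already_redeemed` on the authorization-code path would cover the new branch. getToken starts before and continues after this hunk.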
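--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -652,7 +652,7 @@ public function testRefreshTokenRedeemedConcurrently(): void {
 $expected = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$expected->throttle(['invalid_request' => 'token already redeemed']);
+$expected->throttle(['invalid_request' => 'refresh_token_already_redeemed']);
 
 $accessToken = new AccessToken();
 $accessToken->setId(21);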
