
Commit 2cf9b2c

julien-ncbackportbot[bot]
authored andcommitted
fix(oauth): make the throttling reason more specific
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
1 parent d5666bf commit 2cf9b2c

2 files changed

Lines changed: 5 additions & 2 deletions


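--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -179,6 +179,9 @@ public function getToken(
 $newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
 $newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
 $newEncryptedToken = $this->crypto->encrypt($newToken, $newCode);
+$redeemedThrottleReason = $grant_type === 'authorization_code'
+? 'authorization_code_already_redeemed'
+: 'refresh_token_already_redeemed';
 $tokenRotated = false;
 
 $this->db->beginTransaction();
@@ -209,7 +212,7 @@ public function getToken(
 $response = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$response->throttle(['invalid_request' => 'token already redeemed']);
+$response->throttle(['invalid_request' => $redeemedThrottleReason]);
 return $response;
 }
 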
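Review bot: Only the refresh-token branch of the new `$redeemedThrottleReason` ternary is pinned by a test; the accompanying change in OauthApiControllerTest.php updates testRefreshTokenRedeemedConcurrently alone, so nothing asserts that the authorization_code path throttles with `'authorization_code_already_redeemed'`, and a typo in that literal would pass the suite. A sibling test for the authorization_code grant that expects `$expected->throttle(['invalid_request' => 'authorization_code_already_redeemed']);` would close that gap. The ternary also assumes any `$grant_type` other than `'authorization_code'` is a refresh-token request; if getToken validates the grant type earlier that is fine, but a one-line comment such as `// grant_type has been validated above: anything but authorization_code is refresh_token` would make the reliance explicit, since the throttle metadata is what the brute-force protection keys on. getToken starts and ends outside the hunk.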
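--- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php
+++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php
@@ -653,7 +653,7 @@ public function testRefreshTokenRedeemedConcurrently(): void {
 $expected = new JSONResponse([
 'error' => 'invalid_request',
 ], Http::STATUS_BAD_REQUEST);
-$expected->throttle(['invalid_request' => 'token already redeemed']);
+$expected->throttle(['invalid_request' => 'refresh_token_already_redeemed']);
 
 $accessToken = new AccessToken();
 $accessToken->setId(21);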
