Subject: Clients can steal authorization codes - CatalystX::OAuth2::Store::DBIC
Date: Fri, 21 Aug 2015 12:07:40 +0100
To: <bug-CatalystX-OAuth2 [...] rt.cpan.org>
From: Mark Stringer <mark.stringer [...] adestra.com>
Hi,
I discovered that it's possible for a client to convert an authorization
code from another client into an access token for themselves. I believe
I've tracked it down to a bug in CatalystX::OAuth2::Store::DBIC.
The ternary operator's conditions appear to be the wrong way around in
sub find_client_code:
    return $id
        ? $self->_code_rs->find($code)
        : $self->_code_rs($id)->find($code);
Changing them around does seem to fix my issue, but causes 3 tests to
fail in the distribution.
Thanks
Mark
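To make the reported behaviour concrete, here is an added example (not code from the distribution or from the reporter) that stands in for the DBIC store with a small in-memory lookup. The `code_rs` helper, the sample client ids and the sample codes are constructed for the illustration; it mirrors the shape of `_code_rs` (unfiltered when called without a client id, restricted to that client's codes when one is given) and places the reported ternary beside the version with its branches swapped, so it can serve as a regression check for the fix.

```perl
#!/usr/bin/env perl
# Added example, not the distribution's code: an in-memory stand-in for
# CatalystX::OAuth2::Store::DBIC's find_client_code, showing why the reversed
# ternary lets one client redeem another client's authorization code.
use strict;
use warnings;

# Constructed sample data: two clients, each holding one issued code.
my %codes = (
    'code-aaa' => { client_id => 'client-A' },
    'code-bbb' => { client_id => 'client-B' },
);

# Stand-in for _code_rs (assumed shape): with no client id it searches every
# code; with a client id it only returns codes issued to that client, much like
# a resultset that is either unfiltered or filtered by client.
sub code_rs {
    my ($client_id) = @_;
    return {
        find => sub {
            my ($code) = @_;
            my $row = $codes{$code} or return undef;
            return undef if defined $client_id && $row->{client_id} ne $client_id;
            return $row;
        },
    };
}

# The lookup as reported: when a client id IS supplied, the unfiltered
# resultset is consulted, so any client's code is returned.
sub find_client_code_buggy {
    my ($id, $code) = @_;
    return $id
        ? code_rs()->{find}->($code)
        : code_rs($id)->{find}->($code);
}

# The lookup with the branches swapped: a supplied client id restricts the
# search to that client's own codes.
sub find_client_code_fixed {
    my ($id, $code) = @_;
    return $id
        ? code_rs($id)->{find}->($code)
        : code_rs()->{find}->($code);
}

# Regression check: client-B presents a code issued to client-A.
my $buggy = find_client_code_buggy('client-B', 'code-aaa');
my $fixed = find_client_code_fixed('client-B', 'code-aaa');
printf "reported lookup: %s\n",
    $buggy ? "found (issued to $buggy->{client_id})" : "not found";
printf "swapped lookup:  %s\n", $fixed ? "found" : "not found";

# The legitimate owner is still able to redeem its own code after the swap.
my $own = find_client_code_fixed('client-A', 'code-aaa');
printf "owner lookup:    %s\n", $own ? "found" : "not found";
```

Run with `perl find_client_code.pl`: the reported branch order returns client-A's row for client-B, the swapped order returns nothing for client-B and still returns the row for client-A. A test asserting that a code is only found when the supplied client id matches the issuing client is the check worth keeping alongside the fix.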