providers/oauth2: lowercase all uris before checking redirect URI

see #249
This commit is contained in:
Jens Langhammer 2020-10-01 10:00:12 +02:00
parent 4039e96803
commit 2e1849a732

View file

@ -142,7 +142,9 @@ class OAuthAuthorizationParams:
if is_open_id and not self.redirect_uri: if is_open_id and not self.redirect_uri:
LOGGER.warning("Missing redirect uri.") LOGGER.warning("Missing redirect uri.")
raise RedirectUriError() raise RedirectUriError()
if self.redirect_uri not in self.provider.redirect_uris.split(): if self.redirect_uri.lower() not in [
x.lower() for x in self.provider.redirect_uris.split()
]:
LOGGER.warning( LOGGER.warning(
"Invalid redirect uri", "Invalid redirect uri",
redirect_uri=self.redirect_uri, redirect_uri=self.redirect_uri,