Fix bug caused by param check being too strict.

pdsinterop · Jan 13, 2022 · 4281459 · 4281459
1 parent e19e283
commit 4281459
Showing 1 changed file with 3 additions and 22 deletions.
diff --git a/src/Controller/AuthorizeController.php b/src/Controller/AuthorizeController.php
@@ -21,32 +21,13 @@ final public function __invoke(ServerRequestInterface $request, array $args): Re
 
         $queryParams = $request->getQueryParams();
 
-        if (! isset($queryParams['request'])) {
-            return $this->getResponse()
-                ->withStatus(400, "Bad request, missing request")
-            ;
-        }
-
 		$parser = new \Lcobucci\JWT\Parser();
 
-        try {
-            $token = $parser->parse($queryParams['request']);
-        } catch (\Exception $exception) {
-            return $this->getResponse()
-                ->withStatus(400, $exception->getMessage())
-            ;
-        }
-
 		try {
+			$token = $parser->parse($request->getQueryParams()['request']);
 			$_SESSION["nonce"] = $token->getClaim('nonce');
-		} catch(\OutOfBoundsException $e) {
-            if (! isset($queryParams['nonce'])) {
-                return $this->getResponse()
-                    ->withStatus(400, "Bad request, missing nonce")
-                    ;
-            }
-
-			$_SESSION["nonce"] = $queryParams['nonce'];
+		} catch(\Exception $e) {
+			$_SESSION["nonce"] = $request->getQueryParams()['nonce'];
 		}
 
         /*/ Prepare GET parameters for OAUTH server request /*/