opendev/gerrit
Code Issues Proposed changes

Remove unused OAuthToken in authorisation URL

Browse Source 
When the user needs to be redirected to the OAuth authentication URL
for entering their credentials, the session is not active yet and
there is no OAuthToken available. There is no value then in having
a RequestToken parameter that will always be null anyway.

Change-Id: I00fdbd32923a51e0c92e6bc0efff551936ec344f
This commit is contained in:
Luca Milanesio
2015-03-25 08:05:37 +00:00
committed by Saša Živkov
parent 61074ca4fb
commit 3408d4deb8
2 changed files with 5 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
gerrit-oauth/src/main/java/com/google/gerrit/httpd/auth/oauth/OAuthSession.java
View File

@@ -87,8 +87,7 @@ class OAuthSession {
}
log.debug("Login-Retrieve-User " + this);
token = oauth.getAccessToken(null,
new OAuthVerifier(request.getParameter("code")));
token = oauth.getAccessToken(new OAuthVerifier(request.getParameter("code")));
user = oauth.getUserInfo(token);
@@ -103,7 +102,7 @@ class OAuthSession {
} else {
log.debug("Login-PHASE1 " + this);
redirectUrl = request.getRequestURI();
response.sendRedirect(oauth.getAuthorizationUrl(null) +
response.sendRedirect(oauth.getAuthorizationUrl() +
"&state=" + state);
return false;
}