From 0eb94df1f7d620e511d8f29e3a0a10453491f5cf Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 20 Aug 2020 16:41:00 +0200
Subject: [PATCH] providers/oauth2: fix redirect_uri not being checked correctly if multiple redirect_uris are configured
---
 .fossa.yml | 20 --------------------
 passbook/providers/oauth2/views/authorize.py | 4 ++--
 passbook/providers/oauth2/views/token.py | 4 ++--
 pyproject.toml | 2 --
 4 files changed, 4 insertions(+), 26 deletions(-)
 delete mode 100755 .fossa.yml
 delete mode 100644 pyproject.toml
diff --git a/.fossa.yml b/.fossa.yml
deleted file mode 100755
index 31196ea52..000000000
--- a/.fossa.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
-# Visit https://fossa.com to learn more
-
-version: 2
-cli:
- server: https://app.fossa.com
- fetcher: custom
- project: git@github.com:BeryJu/passbook.git
-analyze:
- modules:
- - name: static
- type: npm
- target: passbook/static/static
- path: passbook/static/static
- - name: .
- type: pip
- target: .
- path: .
- options:
- strategy: pipenv
diff --git a/passbook/providers/oauth2/views/authorize.py b/passbook/providers/oauth2/views/authorize.py
index 80be86754..d80a036a5 100644
--- a/passbook/providers/oauth2/views/authorize.py
+++ b/passbook/providers/oauth2/views/authorize.py
@@ -143,8 +143,8 @@ class OAuthAuthorizationParams:
 if is_open_id and not self.redirect_uri:
 LOGGER.warning("Missing redirect uri.")
 raise RedirectUriError()
- if self.redirect_uri not in self.provider.redirect_uris:
- LOGGER.warning("Invalid redirect uri", redirect_uri=self.redirect_uri)
+ if self.redirect_uri not in self.provider.redirect_uris.split():
+ LOGGER.warning("Invalid redirect uri", redirect_uri=self.redirect_uri, excepted=self.provider.redirect_uris.split())
 raise RedirectUriError()

 if not is_open_id and (
diff --git a/passbook/providers/oauth2/views/token.py b/passbook/providers/oauth2/views/token.py
index 4d02405f1..275604d13 100644
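Review bot: The added warning line in authorize.py misspells the log keyword as `excepted=`, while the parallel hunk in token.py uses `expected=`, so the same value is logged under two different keys; change it to `LOGGER.warning("Invalid redirect uri", redirect_uri=self.redirect_uri, expected=self.provider.redirect_uris.split())`. Both hunks also call `.split()` twice on the same string; binding it once, `allowed = self.provider.redirect_uris.split()`, and testing `self.redirect_uri not in allowed` keeps the check and the log record in agreement. The exact list membership is the substantive fix: the old `in` on a plain string was a substring match, so any fragment of the configured value (including an empty redirect_uri string on the non-OpenID path) passed, whereas the new test accepts only a whole configured entry. Be aware that the new log line writes the provider's complete redirect URI list into the warning log on every rejected request, which is configuration data a log consumer may not need at that level. The enclosing method of OAuthAuthorizationParams begins and ends outside the hunk.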
--- a/passbook/providers/oauth2/views/token.py
+++ b/passbook/providers/oauth2/views/token.py
@@ -109,8 +109,8 @@ class TokenParams:
 LOGGER.warning("Missing authorization code")
 raise TokenError("invalid_grant")

- if self.redirect_uri not in self.provider.redirect_uris:
- LOGGER.warning("Invalid redirect uri", uri=self.redirect_uri)
+ if self.redirect_uri not in self.provider.redirect_uris.split():
+ LOGGER.warning("Invalid redirect uri", uri=self.redirect_uri, expected=self.provider.redirect_uris.split())
 raise TokenError("invalid_client")

 try:
diff --git a/pyproject.toml b/pyproject.toml
deleted file mode 100644
index b5413f6c7..000000000
--- a/pyproject.toml
+++ /dev/null
@@ -1,2 +0,0 @@
-[tool.black]
-target-version = ['py37']
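Review bot: The new check in token.py only confirms that redirect_uri is one of the provider's configured values; it does not compare it with the redirect_uri that was sent in the authorization request for this code, which RFC 6749 §4.1.3 requires whenever that parameter was present there. If that comparison is not made in the `try` block that follows the hunk, a code issued for one registered URI could be redeemed while naming another registered URI, so please confirm against the rest of TokenParams, which begins and ends outside the hunk. The error code raised on mismatch, `invalid_client`, is a context line the commit does not touch, but §5.2 assigns a redirect URI mismatch to `invalid_grant`; that belongs in a follow-up rather than this fix. The same double `.split()` as in authorize.py applies here; bind it once with `allowed = self.provider.redirect_uris.split()` and use it in both the check and the log call.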