From: Aki Tuomi Date: Tue, 26 May 2020 10:38:09 +0000 (+0300) Subject: auth: db-oauth2 - Clarify how introspect gets called X-Git-Tag: 2.3.11.2~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=997b4a65751bbde39ffa163ea7e850c1f97f89a4;p=thirdparty%2Fdovecot%2Fcore.git auth: db-oauth2 - Clarify how introspect gets called This should make it more obvious when introspection actually gets called after lookup. Introspection failure is now also moved earlier, before the request would fail later because not all fields are available. --- diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c index 91ed1343e9..d484c0a5dd 100644 --- a/src/auth/db-oauth2.c +++ b/src/auth/db-oauth2.c @@ -667,11 +667,14 @@ db_oauth2_lookup_continue(struct oauth2_request_result *result, error = "Invalid token"; } else { db_oauth2_fields_merge(req, result->fields); - if (*req->db->set.introspection_url != '\0' && - (req->db->set.force_introspection || - !db_oauth2_have_all_fields(req))) { - e_debug(authdb_event(req->auth_request), - "oauth2: Introspection needed after token validation"); + if (req->token == NULL) { + db_oauth2_callback(req, PASSDB_RESULT_INTERNAL_FAILURE, + "OAuth2 token missing from reply"); + return; + } else if (db_oauth2_have_all_fields(req) && + !req->db->set.force_introspection) { + /* pass */ + } else if (*req->db->set.introspection_url != '\0') { db_oauth2_lookup_introspect(req); return; }