From: Sergey Kitov
Date: Wed, 27 Feb 2019 13:39:34 +0000 (+0200)
Subject: auth: Fix processing of wrong password for oauth2 password grant
X-Git-Tag: 2.3.6~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b130bc9b5b0c08f6a25b871edc8e664f3168e793;p=thirdparty%2Fdovecot%2Fcore.git
auth: Fix processing of wrong password for oauth2 password grant
---
diff --git a/src/auth/db-oauth2.c b/src/auth/db-oauth2.c
index b3ababb11d..6a5349ffe0 100644
--- a/src/auth/db-oauth2.c
+++ b/src/auth/db-oauth2.c
@@ -603,12 +603,18 @@ db_oauth2_lookup_passwd_grant(struct oauth2_passwd_grant_result *result,
 req->req = NULL;
- if (!result->success) {
+ if (!result->valid) {
 passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
- error = result->error;
- } else if (!result->valid) {
- passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
- error = "Invalid token";
+ if (result->success) {
+ error = auth_fields_find(req->fields, "error");
+ if (error != NULL &&
+ strcmp("invalid_grant", error) == 0) {
+ passdb_result = PASSDB_RESULT_PASSWORD_MISMATCH;
+ }
+ if (error == NULL)
+ error = "Internal error";
+ } else
+ error = result->error;
 } else {
 db_oauth2_fields_merge(req, result->fields);
 if (*req->db->set.introspection_url != '\0' &&
@@ -617,7 +623,13 @@ db_oauth2_lookup_passwd_grant(struct oauth2_passwd_grant_result *result,
 auth_request_log_debug(req->auth_request, AUTH_SUBSYS_DB, "oauth2: Introspection needed after token validation");
 req->token = auth_fields_find(req->fields, "access_token");
- db_oauth2_lookup_introspect(req);
+ if (req->token != NULL)
+ db_oauth2_lookup_introspect(req);
+ else {
+ passdb_result = PASSDB_RESULT_INTERNAL_FAILURE;
+ error = "Internal error";
+ db_oauth2_callback(req, passdb_result, error);
+ }
 return;
 }
 db_oauth2_process_fields(req, &passdb_result, &error);
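Review bot: The new lookup `auth_fields_find(req->fields, "error")` runs in the `!result->valid` branch, but within this hunk `db_oauth2_fields_merge(req, result->fields)` is only called in the `else` branch. Unless the response fields were merged earlier in the function (not visible here), the server's `error` value is never in `req->fields`, so a wrong password would still be reported as PASSDB_RESULT_INTERNAL_FAILURE with "Internal error". If `req->fields` can still be unset at this point, the lookup needs a guard as well. Consider calling `db_oauth2_fields_merge(req, result->fields);` before the lookup, or add a comment stating where the field is populated. The function body starts and continues outside the hunk.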
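Review bot: The added `else` branch reports a missing `access_token` with the same `"Internal error"` text that the first hunk uses for a failure response without an `error` field. Whatever log or caller receives the string therefore cannot tell the two conditions apart. A specific message such as `error = "OAuth2 token response has no access_token";` would make a misbehaving token endpoint easier to diagnose. The branch also pairs an unbraced `if` with a braced `else`; bracing both would keep the style consistent. The enclosing function begins and ends outside the hunk.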