User API keys: payload and existing query string leads to a double question mark

blattersturm · July 22, 2019, 10:55am

If I call user-api-key/new with an auth_redirect already containing a query string (e.g. http://localhost:30120/auth-discourse?state=BASE64), I end up with a redirect URI along the likes of http://localhost:30120/auth-discourse?state=BASE64?payload=PAYLOAD - two query strings, and no & appending.

https://github.com/discourse/discourse/blob/888e68a1637ca784a7bf51a6bbb524dcf7413b13/app/controllers/user_api_keys_controller.rb#L96

This code might need to be changed to check if there’s already a query string in the URI, or perhaps use some URI builder?

eviltrout · July 22, 2019, 1:41pm

It does seem like the assumption the code makes is that it doesn’t already contain any query parameters. We’d be open to a PR to fix this.

saurabhp · July 23, 2019, 3:50pm

I have opened PR for this issue here:
https://github.com/discourse/discourse/pull/7923

saurabhp · July 24, 2019, 2:37am

PR has been merged. This topic can be closed

Topic		Replies	Views
User API keys: duplicate client_id will lead to internal server error bug rest-api	4	701	February 15, 2024
Generating User Api Keys with REST API dev rest-api	20	8026	April 8, 2018
User API keys specification developers rest-api , reference	64	28624	April 19, 2024
Per User API Keys Not Working support	2	979	September 2, 2021
Request header field User-Api-Key is not allowed by Access-Control-Allow-Headers bug	7	2353	August 31, 2018

User API keys: payload and existing query string leads to a double question mark

Related Topics