estel/dify
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

the conversion OAuthGrantType(parsed_args["grant_type"]) can raise ValueError for invalid values which is not caught and will produce a 500 (#24854)

Browse Source
This commit is contained in:
NeatGuyCoding
2025-09-01 10:05:54 +08:00
committed by GitHub
parent c45d676477
commit 2e6e414a9e
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
api/controllers/console/auth/oauth_server.py
View File

@@ -122,7 +122,10 @@ class OAuthServerUserTokenApi(Resource):
parser.add_argument("refresh_token", type=str, required=False, location="json") parser.add_argument("refresh_token", type=str, required=False, location="json")
parsed_args = parser.parse_args() parsed_args = parser.parse_args()
grant_type = OAuthGrantType(parsed_args["grant_type"]) try:
grant_type = OAuthGrantType(parsed_args["grant_type"])
except ValueError:
raise BadRequest("invalid grant_type")
if grant_type == OAuthGrantType.AUTHORIZATION_CODE: if grant_type == OAuthGrantType.AUTHORIZATION_CODE:
if not parsed_args["code"]: if not parsed_args["code"]:
@@ -160,8 +163,6 @@ class OAuthServerUserTokenApi(Resource):
"refresh_token": refresh_token, "refresh_token": refresh_token,
} }
) )
else:
raise BadRequest("invalid grant_type")
class OAuthServerUserAccountApi(Resource): class OAuthServerUserAccountApi(Resource):