(ctx context.Context, r *http.Request, db *storage.Connection)
| 515 | } |
| 516 | |
| 517 | func (a *API) loadExternalState(ctx context.Context, r *http.Request, db *storage.Connection) (context.Context, error) { |
| 518 | var state string |
| 519 | switch r.Method { |
| 520 | case http.MethodPost: |
| 521 | state = r.FormValue("state") |
| 522 | default: |
| 523 | state = r.URL.Query().Get("state") |
| 524 | } |
| 525 | if state == "" { |
| 526 | return ctx, apierrors.NewBadRequestError(apierrors.ErrorCodeBadOAuthCallback, "OAuth state parameter missing") |
| 527 | } |
| 528 | |
| 529 | stateUUID, err := uuid.FromString(state) |
| 530 | if err != nil { |
| 531 | return ctx, apierrors.NewBadRequestError(apierrors.ErrorCodeBadOAuthState, "OAuth state parameter is invalid") |
| 532 | } |
| 533 | |
| 534 | return a.loadExternalStateFromUUID(ctx, db, stateUUID) |
| 535 | } |
| 536 | |
| 537 | // loadExternalStateFromUUID loads OAuth state from a flow_state record (new UUID format) |
| 538 | func (a *API) loadExternalStateFromUUID(ctx context.Context, db *storage.Connection, stateID uuid.UUID) (context.Context, error) { |
no test coverage detected