in src/main/java/org/jetbrains/teamcity/githubauth/GitHubOAuth.java [125:152]
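/**
 * Checks that the request is a well-formed GitHub OAuth callback.
 *
 * <p>The checks run in order: the request URI must end with the callback path, there must be no
 * {@code error} parameter, {@code code} must be non-empty, and {@code state} must equal the value
 * stored in the session under {@code STATE_SESSION_ATTR_NAME}. The {@code state} comparison is the
 * CSRF protection of the OAuth flow, so it fails closed: a missing session, a missing or non-String
 * attribute, and a mismatch all end in an "unauthorized" response.
 *
 * @param request  incoming callback request; every parameter on it is caller-controlled
 * @param response response used to send the "unauthorized" reply
 * @return {@code notApplicable()} when the URI is not the callback path, the result of
 *         {@code HttpAuthUtil.sendUnauthorized} when a check fails, or {@code null} when all checks pass
 * @throws IOException declared by the method; presumably raised while writing the response
 */
private HttpAuthenticationResult validateRequest(HttpServletRequest request, HttpServletResponse response) throws IOException {
    final String requestUri = request.getRequestURI();
    if (!requestUri.endsWith("/oauth/github/accessToken.html")) {
        // Log the value that was actually tested; getPathInfo() may be null depending on the servlet mapping.
        logger.debug("Skip GitHub authentication: path doesn't match " + requestUri);
        return HttpAuthenticationResult.notApplicable();
    }

    if (request.getParameter("error") != null) {
        // getQueryString() is the raw, undecoded query, so it cannot carry literal line breaks into the log.
        // It does include any 'state' value present on the redirect.
        logger.warn("GitHub login error: user was redirected with an 'error', URL: " + requestUri + "?" + request.getQueryString());
        return HttpAuthUtil.sendUnauthorized(request, response, "GitHub login error: user was redirected with 'error' param.", emptySet());
    }

    if (Strings.isNullOrEmpty(request.getParameter("code"))) {
        logger.warn("GitHub login error: 'code' parameter is empty");
        return HttpAuthUtil.sendUnauthorized(request, response, "GitHub login error: 'code' parameter is empty", emptySet());
    }

    final String state = request.getParameter("state");
    if (state == null) {
        // NOTE(review): getRequestDump() is not visible here; confirm it does not write cookies,
        // session ids or unescaped parameter values to the log.
        logger.warn("Attempt to login using GitHub with empty 'state' parameter. Request: " + WebUtil.getRequestDump(request));
        return HttpAuthUtil.sendUnauthorized(request, response, "GitHub login error: 'state' parameter is empty", emptySet());
    }

    // getSession(false): a callback that arrives without a session cannot carry a valid state,
    // so do not allocate a new session for it. Optional keeps the lookup to a single call.
    final Object expectedState = java.util.Optional.ofNullable(request.getSession(false))
        .map(session -> session.getAttribute(STATE_SESSION_ATTR_NAME))
        .orElse(null);

    // Compare the anti-CSRF token without an early exit on the first differing byte.
    final boolean stateMatches = expectedState instanceof String
        && java.security.MessageDigest.isEqual(
            state.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            ((String) expectedState).getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (!stateMatches) {
        // 'state' is a decoded request parameter: neutralise line breaks so it cannot forge log entries.
        final String loggableState = state.replaceAll("[\\r\\n]", "_");
        logger.warn("Attempt to login using GitHub with invalid 'state' parameter: " + loggableState + ". Request: " + WebUtil.getRequestDump(request));
        return HttpAuthUtil.sendUnauthorized(request, response, "GitHub login error: 'state' parameter is invalid", emptySet());
    }

    // NOTE(review): the stored state is not removed from the session here; confirm the caller clears it
    // after a successful login so the same callback cannot be accepted twice.
    return null;
}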