From 3184d4bb325893a4c346c53148652e8dc41b3d1d Mon Sep 17 00:00:00 2001
From: Olivier Goffart <ogoffart@woboq.com>
Date: Fri, 22 Sep 2017 18:05:47 +0200
Subject: [PATCH] OAuth2: Fix double slash in URL

We need to use concatPath to avoid possible double '/' in the URLs if the
account url() ends with '/'.

This has become even more of a problem since commit
d1b8370a4ad21c741da507f64a5dbfe82a3fad05 which was resolving the url after
a redirect where most server actually add a '/' if the url is a folder
---
 src/gui/creds/oauth.cpp               | 10 +++++-----
 src/libsync/creds/httpcredentials.cpp |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/gui/creds/oauth.cpp b/src/gui/creds/oauth.cpp
index 0155b0810..05ef093b3 100644
--- a/src/gui/creds/oauth.cpp
+++ b/src/gui/creds/oauth.cpp
@@ -76,7 +76,7 @@ void OAuth::start()
 
                 QString code = rx.cap(1); // The 'code' is the first capture of the regexp
 
-                QUrl requestToken(_account->url().toString() + QLatin1String("/index.php/apps/oauth2/api/v1/token"));
+                QUrl requestToken = Utility::concatUrlPath(_account->url().toString(), QLatin1String("/index.php/apps/oauth2/api/v1/token"));
                 QNetworkRequest req;
                 req.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
 
@@ -154,10 +154,10 @@ void OAuth::start()
 QUrl OAuth::authorisationLink() const
 {
     Q_ASSERT(_server.isListening());
-    QUrl url = QUrl(_account->url().toString()
-        + QLatin1String("/index.php/apps/oauth2/authorize?response_type=code&client_id=")
-        + Theme::instance()->oauthClientId()
-        + QLatin1String("&redirect_uri=http://localhost:") + QString::number(_server.serverPort()));
+    QUrl url = Utility::concatUrlPath(_account->url(), QLatin1String("/index.php/apps/oauth2/authorize"),
+        { { QLatin1String("response_type"), QLatin1String("code") },
+            { QLatin1String("client_id"), Theme::instance()->oauthClientId() },
+            { QLatin1String("redirect_uri"), QLatin1String("http://localhost:") + QString::number(_server.serverPort()) } });
     if (!_expectedUser.isNull())
         url.addQueryItem("user", _expectedUser);
     return url;
diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp
index 52e96edf3..771008bf6 100644
--- a/src/libsync/creds/httpcredentials.cpp
+++ b/src/libsync/creds/httpcredentials.cpp
@@ -344,7 +344,7 @@ bool HttpCredentials::refreshAccessToken()
     if (_refreshToken.isEmpty())
         return false;
 
-    QUrl requestToken(_account->url().toString() + QLatin1String("/index.php/apps/oauth2/api/v1/token"));
+    QUrl requestToken = Utility::concatUrlPath(_account->url(), QLatin1String("/index.php/apps/oauth2/api/v1/token"));
     QNetworkRequest req;
     req.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded");
 
-- 
2.30.2