Fix incorrect duplicate params check in OAuth pipes

GrottoPress · Aug 9, 2024 · a7a2c13 · a7a2c13
1 parent e621c08
commit a7a2c13
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## [Unreleased] - 
+
+### Fixed
+- Fix incorrect duplicate params check in OAuth pipes
+
 ## [1.2.1] - 2024-07-25
 
 ### Fixed

diff --git a/src/shield/actions/api/oauth/authorization/pipes.cr b/src/shield/actions/api/oauth/authorization/pipes.cr
@@ -118,5 +118,10 @@ module Shield::Api::Oauth::Authorization::Pipes
         state: state
       })
     end
+
+    # @[Override]
+    private def has_duplicate_params
+      has_duplicate_params(params.from_form_data)
+    end
   end
 end
diff --git a/src/shield/actions/oauth/pipes.cr b/src/shield/actions/oauth/pipes.cr
@@ -47,7 +47,15 @@ module Shield::Oauth::Pipes
     end
 
     private def has_duplicate_params
-      params.from_query.any? { |name, _| name.size > 1 }
+      has_duplicate_params(params.from_query)
+    end
+
+    private def has_duplicate_params(params)
+      params.each do |name, _|
+        return true if params.fetch_all(name).size > 1
+      end
+
+      false
     end
   end
 end