CRITICAL SECURITY FIX: The authorization endpoint was bypassing domain verification entirely, allowing anyone to authenticate as any domain.

Changes:
- Add domain verification check in GET /authorize before showing consent
- Add POST /authorize/verify-code endpoint for code validation
- Add verify_code.html and verification_error.html templates
- Add check_domain_verified() and store_verified_domain() functions
- Preserve OAuth parameters through verification flow

Flow for unverified domains:
1. GET /authorize -> Check DB for verified domain
2. If not verified: start 2FA (DNS + email) -> show code entry form
3. POST /authorize/verify-code -> validate code -> store verified
4. Show consent page
5. POST /authorize/consent -> issue authorization code

Verified domains skip directly to consent page.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
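The flow described in the commit message, as an added framework-free example that is not the project's own code: the pre-fix endpoint goes straight to consent, while the fixed `authorize` gates consent on `check_domain_verified()`, starts verification with a single-use, expiring code, and `verify_code` validates it in constant time before `store_verified_domain()` and resuming with the preserved OAuth parameters. The in-memory stores, the function signatures and the code TTL are assumptions for illustration.

```python
import hmac
import secrets
import time

VERIFIED_DOMAINS = set()   # stands in for the DB table of verified domains (assumed)
PENDING = {}               # domain -> {"code", "expires", "params"} (assumed store)
CODE_TTL_SECONDS = 600     # assumed lifetime of a verification code


def authorize_before_fix(domain, oauth_params):
    """The bypass: consent was shown with no verification of the domain."""
    return "consent", dict(oauth_params)


def check_domain_verified(domain):
    return domain in VERIFIED_DOMAINS


def store_verified_domain(domain):
    VERIFIED_DOMAINS.add(domain)


def start_verification(domain, oauth_params):
    """Create a single-use code (to be delivered via DNS + email) and keep the
    OAuth parameters so they survive the verification round trip."""
    code = secrets.token_hex(4)
    PENDING[domain] = {"code": code, "expires": time.time() + CODE_TTL_SECONDS,
                       "params": dict(oauth_params)}
    return code


def authorize(domain, oauth_params):
    """GET /authorize after the fix: consent only for a verified domain."""
    if check_domain_verified(domain):
        return "consent", dict(oauth_params)      # verified domains skip to consent
    start_verification(domain, oauth_params)
    return "verify_code", dict(oauth_params)      # show the code entry form instead


def verify_code(domain, submitted):
    """POST /authorize/verify-code: validate, then mark the domain verified."""
    pending = PENDING.get(domain)
    if pending is None or time.time() > pending["expires"]:
        PENDING.pop(domain, None)                 # expired or never started
        return "verification_error", {}
    # constant-time compare so the check does not leak how much of the code matched
    if not hmac.compare_digest(pending["code"], submitted):
        return "verification_error", {}
    PENDING.pop(domain)                           # single use: a code cannot be replayed
    store_verified_domain(domain)
    return "consent", pending["params"]           # continue with the preserved params
```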