From 2e1849a732464537ea0bdeeb79033b5013836678 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Thu, 1 Oct 2020 10:00:12 +0200
Subject: [PATCH] providers/oauth2: lowercase all uris before checking redirect URI

see #249
---
 passbook/providers/oauth2/views/authorize.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/passbook/providers/oauth2/views/authorize.py b/passbook/providers/oauth2/views/authorize.py
index 42fa5653d..21f6d3fa5 100644
--- a/passbook/providers/oauth2/views/authorize.py
+++ b/passbook/providers/oauth2/views/authorize.py
@@ -142,7 +142,9 @@ class OAuthAuthorizationParams:
 if is_open_id and not self.redirect_uri:
 LOGGER.warning("Missing redirect uri.")
 raise RedirectUriError()
- if self.redirect_uri not in self.provider.redirect_uris.split():
+ if self.redirect_uri.lower() not in [
+ x.lower() for x in self.provider.redirect_uris.split()
+ ]:
 LOGGER.warning(
 "Invalid redirect uri",
 redirect_uri=self.redirect_uri,
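Review bot: Lowercasing the whole URI on both sides of the `not in` check makes the path and query case-insensitive as well, so a registered `https://rp.example/callback` (constructed example) now also admits `https://rp.example/CALLBACK`, which can be a different endpoint on a case-sensitive server; RFC 6749 §3.1.2.3 expects a fully registered redirect URI to be matched by simple string comparison, and only scheme and host are case-insensitive. I would fold case on scheme and host only and keep path, query and fragment byte-exact, as sketched below; `urlsplit` comes from `urllib.parse` (whether the module already imports it is not visible here), and its `ValueError` on malformed input is mapped to `RedirectUriError` so the check fails closed. The new `.lower()` call also raises `AttributeError` if `redirect_uri` can be `None` on a non-OpenID request, where the old membership test simply rejected it; the attribute's type is set outside this hunk, so that needs confirming. The enclosing method starts and ends outside the hunk.

```python
        # … unchanged: missing-redirect-uri check …
        try:
            requested = urlsplit(self.redirect_uri)
            allowed = [urlsplit(x) for x in self.provider.redirect_uris.split()]
        except ValueError:
            # Malformed URI: reject it rather than surface a server error.
            raise RedirectUriError()
        # urlsplit() already lowercases the scheme; fold only the authority part
        # and compare path, query and fragment exactly.
        if not any(
            (requested.scheme, requested.netloc.lower(), requested.path,
             requested.query, requested.fragment)
            == (entry.scheme, entry.netloc.lower(), entry.path,
                entry.query, entry.fragment)
            for entry in allowed
        ):
            LOGGER.warning(
                # … unchanged: warning arguments …
```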