Unable to authenticate via OAuth if there are query parameters in the redirect_url field

Summary

Going through the OAuth flow with a redirect_uri that contains query parameters such as http://localhost?abc=def is not possible.

https://gitlab.com/gitlab-org/gitlab-ce/commit/6ad1b988678b33e7079f1b1558a0e2a74fb8e600 upgraded the version of doorkeeper to 4.3.1, which has this issue: https://github.com/doorkeeper-gem/doorkeeper/issues/1065. Apparently, it is fixed in 4.3.2.

Steps to reproduce

1. Create a new account on gitlab.com.

2. Create a new oauth application under the new account, and set the redirect uri to something like http://localhost.

3. Run this bash script, going to the URL printed and entering the access code given in the redirect.

   CLIENT_ID=XXX
   CLIENT_SECRET=YYY
   CALLBACK_URL=http://localhost
   
   AUTH_URL="https://gitlab.com/oauth/authorize?client_id=$CLIENT_ID&redirect_uri=$CALLBACK_URL&response_type=code"
   
   echo $AUTH_URL
   echo -n "Enter access code: "
   read ACCESS_CODE
   
   curl -G -X POST "https://gitlab.com/oauth/token" \
   --data client_id=$CLIENT_ID \
   --data client_secret=$CLIENT_SECRET \
   --data grant_type=authorization_code \
   --data code=$ACCESS_CODE --data-urlencode redirect_uri=$CALLBACK_URL
   

It should work and get a valid OAuth token. 4. Change CALLBACK_URL to http://localhost?abc=def. Now it won't work.

What is the current bug behavior?

It should be possible to go through the OAuth flow with a redirect uri with query parameters.

What is the expected correct behavior?

The server returns a 401 error with invalid_grant.

Output of checks

This bug happens on GitLab.com

Possible fixes

Upgrade doorkeeper to 4.3.2.