diff --git a/app/controllers/reopen_authorizations_controller.rb b/app/controllers/reopen_authorizations_controller.rb
index d4fef3740..9ec32f078 100644
--- a/app/controllers/reopen_authorizations_controller.rb
+++ b/app/controllers/reopen_authorizations_controller.rb
@@ -1,5 +1,5 @@
 class ReopenAuthorizationsController < AuthenticatedUserController
- before_action :extract_authorization
+ before_action :extract_authorization, :extract_authorization_request_class
 before_action :authorize_authorization_reopening
 def new; end
@@ -22,7 +22,7 @@ def reopen_authorization
 ReopenAuthorization.call(
 authorization: @authorization,
 user: current_user,
- authorization_request_class: params[:authorization_request_class].try(:constantize) # C'est pas hyper dangereux ce que je fait là par hasard ? (Constantize une string envoyée par le front)
+ authorization_request_class: @authorization_request_class
 )
 end
@@ -38,6 +38,14 @@ def extract_authorization
 @authorization = authorization_request.authorizations.friendly.find(params[:authorization_id])
 end
+ def extract_authorization_request_class
+ return if params[:authorization_request_class].blank?
+
+ raise ActionController::UnpermittedParameters unless AuthorizationDefinition.all_request_classes.map(&:to_s).include? params[:authorization_request_class]
+
+ @authorization_request_class = params[:authorization_request_class].constantize
+ end
+
 def authorize_authorization_reopening
 authorize @authorization, :reopen?
 end
diff --git a/app/models/authorization_definition.rb b/app/models/authorization_definition.rb
index a1b24da88..80bd5ed6d 100644
--- a/app/models/authorization_definition.rb
+++ b/app/models/authorization_definition.rb
@@ -91,4 +91,8 @@ def startable_by_applicant
 def authorization_request_class
 @authorization_request_class ||= AuthorizationRequest.const_get(id.classify)
 end
+
+ def self.all_request_classes
+ all.map(&:authorization_request_class)
+ end
 end
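Review bot: The rejection path in `extract_authorization_request_class` probably does not raise what it names: as far as I know `ActionController::UnpermittedParameters` takes the list of offending parameter names in its constructor, so a bare `raise ActionController::UnpermittedParameters` would end in an `ArgumentError` and a 500 rather than a client error. The method also still calls `constantize` on the request string after the membership test; taking the class object out of the allowlist keeps request input away from constant lookup altogether: `@authorization_request_class = AuthorizationDefinition.all_request_classes.find { |klass| klass.to_s == params[:authorization_request_class] }` followed by `raise ActionController::BadRequest, 'unknown authorization_request_class' unless @authorization_request_class`. The allowlist spans every definition's class, so whether the chosen class fits `@authorization` presumably has to be checked inside `ReopenAuthorization`, which is not visible in this diff.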
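Review bot: `self.all_request_classes` carries no comment saying that the controller now uses it as the allowlist for a client-supplied class name, so a later change to what it returns would silently widen what `authorization_request_class` accepts. I would add above it `# Classes a client may name in params[:authorization_request_class]; used as an allowlist by ReopenAuthorizationsController.` The list is rebuilt through `all.map` on each call, and a definition whose `id.classify` has no constant under `AuthorizationRequest` would presumably make the whole lookup raise `NameError`, which is worth a spec. The enclosing class starts outside the hunk.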