outposts/proxy: reduce possibility for redirect loops, keep single state (#3831)

use single state, redirect when start url is hit with active session

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens L
2022-10-20 21:27:34 +02:00
committed by GitHub
parent a1ce8100e9
commit d53733b6fc
6 changed files with 44 additions and 39 deletions


@ -9,23 +9,13 @@ import (
"golang.org/x/oauth2"
)
func (a *Application) redeemCallback(states []string, u *url.URL, c context.Context) (*Claims, error) {
func (a *Application) redeemCallback(savedState string, u *url.URL, c context.Context) (*Claims, error) {
state := u.Query().Get("state")
if len(states) < 1 {
return nil, fmt.Errorf("no states")
}
found := false
for _, fstate := range states {
if fstate == state {
found = true
}
}
a.log.WithFields(log.Fields{
"states": states,
"states": savedState,
"expected": state,
"found": found,
}).Trace("tracing states")
if !found {
if savedState != state {
return nil, fmt.Errorf("invalid state")
}
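Review bot: The new check `if savedState != state` passes when both values are empty, so a callback with no `state` parameter clears the state check whenever the session holds no saved state; the removed `len(states) < 1` guard used to reject that case. Unless every caller already refuses an empty `savedState` (the call sites are not visible here), reject it explicitly with `if savedState == "" || savedState != state {`. In the trace log the saved value is still written under the key `states` and the value from the request under `expected`, which reads backwards; keys such as `saved` and `received` would make the trace unambiguous. redeemCallback's body continues outside the hunk.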