devstack/authorizer
4
0
Fork 0
Code Pull Requests Actions Activity

fix: add code to other response methods

Browse Source
This commit is contained in:
Lakhan Samani 2022-10-19 09:03:00 +05:30
parent c716638725
commit 2b52932e98
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
server/handlers/authorize.go
View File

@ -147,9 +147,6 @@ func AuthorizeHandler() gin.HandlerFunc {
sessionKey = claims.LoginMethod + ":" + user.ID sessionKey = claims.LoginMethod + ":" + user.ID
} }
// rollover the session for security
go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
if responseType == constants.ResponseTypeCode {
nonce := uuid.New().String() nonce := uuid.New().String()
newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod) newSessionTokenData, newSessionToken, err := token.CreateSessionToken(user, nonce, claims.Roles, scope, claims.LoginMethod)
if err != nil { if err != nil {
@ -158,6 +155,16 @@ func AuthorizeHandler() gin.HandlerFunc {
return return
} }
code := uuid.New().String()
if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
log.Debug("SetState failed: ", err)
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
return
}
// rollover the session for security
go memorystore.Provider.DeleteUserSession(sessionKey, claims.Nonce)
if responseType == constants.ResponseTypeCode {
if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil { if err := memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+newSessionTokenData.Nonce, newSessionToken); err != nil {
log.Debug("SetUserSession failed: ", err) log.Debug("SetUserSession failed: ", err)
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK) handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
@ -165,12 +172,6 @@ func AuthorizeHandler() gin.HandlerFunc {
} }
cookie.SetSession(gc, newSessionToken) cookie.SetSession(gc, newSessionToken)
code := uuid.New().String()
if err := memorystore.Provider.SetState(codeChallenge, code+"@"+newSessionToken); err != nil {
log.Debug("SetState failed: ", err)
handleResponse(gc, responseMode, loginURL, redirectURI, loginError, http.StatusOK)
return
}
// in case, response type is code and user is already logged in send the code and state // in case, response type is code and user is already logged in send the code and state
// and cookie session will already be rolled over and set // and cookie session will already be rolled over and set
@ -249,6 +250,7 @@ func AuthorizeHandler() gin.HandlerFunc {
"scope": scope, "scope": scope,
"token_type": "Bearer", "token_type": "Bearer",
"expires_in": expiresIn, "expires_in": expiresIn,
"code": code,
} }
if authToken.RefreshToken != nil { if authToken.RefreshToken != nil {