fix: remove transient oidc session after use #807

2 changes: 1 addition & 1 deletion access_request_handler.go
Expand Up @@ -53,7 +53,7 @@ func (f *Fosite) NewAccessRequest(ctx context.Context, r *http.Request, session

if r.Method != "POST" {
return accessRequest, errorsx.WithStack(ErrInvalidRequest.WithHintf("HTTP method is '%s', expected 'POST'.", r.Method))
} else if err := r.ParseMultipartForm(1 << 20); err != nil && err != http.ErrNotMultipart {
} else if err := r.ParseMultipartForm(1 << 20); err != nil && !errors.Is(err, http.ErrNotMultipart) {
return accessRequest, errorsx.WithStack(ErrInvalidRequest.WithHint("Unable to parse HTTP body, make sure to send a properly formatted form request body.").WithWrap(err).WithDebug(err.Error()))
} else if len(r.PostForm) == 0 {
return accessRequest, errorsx.WithStack(ErrInvalidRequest.WithHint("The POST body can not be empty."))
11 changes: 7 additions & 4 deletions handler/openid/flow_explicit_token.go
Expand Up @@ -22,15 +22,18 @@ func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context
return errorsx.WithStack(fosite.ErrUnknownRequest)
}

authorizeCode := requester.GetRequestForm().Get("code")

authorize, err := c.OpenIDConnectRequestStorage.GetOpenIDConnectSession(ctx, authorizeCode, requester)
code := requester.GetRequestForm().Get("code")
authorize, err := c.OpenIDConnectRequestStorage.GetOpenIDConnectSession(ctx, code, requester)
if errors.Is(err, ErrNoSessionFound) {
return errorsx.WithStack(fosite.ErrUnknownRequest.WithWrap(err).WithDebug(err.Error()))
} else if err != nil {
return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
}

if err := c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, code); err != nil {
return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
}

if !authorize.GetGrantedScopes().Has("openid") {
return errorsx.WithStack(fosite.ErrMisconfiguration.WithDebug("An OpenID Connect session was found but the openid scope is missing, probably due to a broken code configuration."))
}
Expand All @@ -49,7 +52,7 @@ func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context
return errorsx.WithStack(fosite.ErrServerError.WithDebug("Failed to generate id token because subject is an empty string."))
}

err = c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, authorizeCode)
err = c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, code)
if err != nil {
return errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithDebug(err.Error()))
}
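Review bot: The delete added right after the session lookup (`if err := c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, code); err != nil`) leaves the original delete in the second hunk of this file in place, so the same session is now deleted twice on every token exchange. Whether the second call succeeds depends on the store: an implementation that reports an absent session as an error would turn every otherwise-successful request into `fosite.ErrServerError` at that point, and the interface comment in `handler/openid/storage.go` does not say which behaviour implementations must provide. Keep one of the two; if the early delete is the intended single-use semantics (consume the session before any id-token work can fail), drop the later `err = c.OpenIDConnectRequestStorage.DeleteOpenIDConnectSession(ctx, code)` block and state on the interface whether deleting an unknown code is an error. PopulateTokenEndpointResponse starts and continues outside these hunks.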
2 changes: 1 addition & 1 deletion handler/openid/storage.go
Expand Up @@ -22,6 +22,6 @@ type OpenIDConnectRequestStorage interface {
// - or an arbitrary error if an error occurred.
GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

// DeleteOpenIDConnectSession removes an open id connect session from the store.
// DeleteOpenIDConnectSession removes the OpenID Connect Session from the store.
DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}
15 changes: 8 additions & 7 deletions request.go
Expand Up @@ -13,13 +13,14 @@ import (

// Request is an implementation of Requester
type Request struct {
ID string `json:"id" gorethink:"id"`
RequestedAt time.Time `json:"requestedAt" gorethink:"requestedAt"`
Client Client `json:"client" gorethink:"client"`
RequestedScope Arguments `json:"scopes" gorethink:"scopes"`
GrantedScope Arguments `json:"grantedScopes" gorethink:"grantedScopes"`
Form url.Values `json:"form" gorethink:"form"`
Session Session `json:"session" gorethink:"session"`
ID string `json:"id"`
RequestedAt time.Time `json:"requestedAt"`
ExpiresAt time.Time `json:"expiresAt"`
Client Client `json:"client"`
RequestedScope Arguments `json:"scopes"`
GrantedScope Arguments `json:"grantedScopes"`
Form url.Values `json:"form"`
Session Session `json:"session"`
RequestedAudience Arguments `json:"requestedAudience"`
GrantedAudience Arguments `json:"grantedAudience"`
Lang language.Tag `json:"-"`
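Review bot: `ExpiresAt time.Time` is added to Request without a comment, and nothing in this hunk shows where it is populated or how a zero value is to be read; stores that persist Request will emit `expiresAt` as the zero time until every code path that builds a Request sets it. A field comment along the lines of `// ExpiresAt is when this request stops being valid; the zero value means no expiry was recorded.` would pin that down, adjusted to whatever the populating code (outside this hunk) actually guarantees. Dropping the `gorethink:"..."` tags is presumably deliberate, but it changes the persisted field names for any consumer still decoding with that library and deserves a line in the PR description. The struct definition continues past the end of this hunk.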