beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-21 15:10:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

oidc/oauth2: use an opaque state

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2024-11-11 19:43:57 +01:00
parent f22ec2275f
commit 4cb6acefb2
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 11 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
internal/httpd/oauth2.go
View file

@ -15,13 +15,13 @@
package httpd package httpd
import ( import (
"crypto/sha256"
"encoding/hex"
"encoding/json" "encoding/json"
"errors" "errors"
"sync" "sync"
"time" "time"
"github.com/rs/xid"
"github.com/drakkan/sftpgo/v2/internal/dataprovider" "github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/kms" "github.com/drakkan/sftpgo/v2/internal/kms"
"github.com/drakkan/sftpgo/v2/internal/logger" "github.com/drakkan/sftpgo/v2/internal/logger"
@ -53,8 +53,10 @@ type oauth2PendingAuth struct {
} }
func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth { func newOAuth2PendingAuth(provider int, redirectURL, clientID string, clientSecret *kms.Secret) oauth2PendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
return oauth2PendingAuth{ return oauth2PendingAuth{
State: xid.New().String(), State: hex.EncodeToString(state[:]),
Provider: provider, Provider: provider,
ClientID: clientID, ClientID: clientID,
ClientSecret: clientSecret, ClientSecret: clientSecret,

8
internal/httpd/oidc.go
View file

@ -16,6 +16,7 @@ package httpd
import ( import (
"context" "context"
"crypto/sha256"
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt" "fmt"
@ -203,9 +204,12 @@ type oidcPendingAuth struct {
} }
func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth { func newOIDCPendingAuth(audience tokenAudience) oidcPendingAuth {
state := sha256.Sum256(util.GenerateRandomBytes(32))
nonce := util.GenerateUniqueID()
return oidcPendingAuth{ return oidcPendingAuth{
State: xid.New().String(), State: hex.EncodeToString(state[:]),
Nonce: hex.EncodeToString(util.GenerateRandomBytes(20)), Nonce: nonce,
Audience: audience, Audience: audience,
IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()), IssuedAt: util.GetTimeAsMsSinceEpoch(time.Now()),
} }