From c5ba34384f788a1da9b2d77becbfa4dd116f33b0 Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Tue, 7 May 2024 14:26:03 +0200 Subject: [PATCH] fix: wrap authorize response in transaction --- oauth2/handler.go | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) diff --git a/oauth2/handler.go b/oauth2/handler.go index ab01b4b847b..09640f43860 100644 --- a/oauth2/handler.go +++ b/oauth2/handler.go @@ -1126,31 +1126,36 @@ func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ http claims.Add("sid", session.ConsentRequest.LoginSessionID) // done - response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{ - DefaultSession: &openid.DefaultSession{ - Claims: claims, - Headers: &jwt.Headers{Extra: map[string]interface{}{ - // required for lookup on jwk endpoint - "kid": openIDKeyID, - }}, - Subject: session.ConsentRequest.Subject, - }, - Extra: session.Session.AccessToken, - KID: accessTokenKeyID, - ClientID: authorizeRequest.GetClient().GetID(), - ConsentChallenge: session.ID, - ExcludeNotBeforeClaim: h.c.ExcludeNotBeforeClaim(ctx), - AllowedTopLevelClaims: h.c.AllowedTopLevelClaims(ctx), - MirrorTopLevelClaims: h.c.MirrorTopLevelClaims(ctx), - Flow: flow, - }) - if err != nil { + if err := h.r.Persister().Transaction(ctx, func(ctx context.Context, _ *pop.Connection) error { + response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{ + DefaultSession: &openid.DefaultSession{ + Claims: claims, + Headers: &jwt.Headers{Extra: map[string]interface{}{ + // required for lookup on jwk endpoint + "kid": openIDKeyID, + }}, + Subject: session.ConsentRequest.Subject, + }, + Extra: session.Session.AccessToken, + KID: accessTokenKeyID, + ClientID: authorizeRequest.GetClient().GetID(), + ConsentChallenge: session.ID, + ExcludeNotBeforeClaim: h.c.ExcludeNotBeforeClaim(ctx), + AllowedTopLevelClaims: h.c.AllowedTopLevelClaims(ctx), + MirrorTopLevelClaims: h.c.MirrorTopLevelClaims(ctx), + Flow: flow, + }) + if err != nil { + return err + } + + h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response) + return nil + }); err != nil { x.LogError(r, err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } - - h.r.OAuth2Provider().WriteAuthorizeResponse(ctx, w, authorizeRequest, response) } // Delete OAuth 2.0 Access Token Parameters