chore: synchronize workspaces
aeneasr committed Oct 27, 2023
1 parent 7266120 commit e301e46
Showing 5 changed files with 22 additions and 4 deletions.
2 changes: 1 addition & 1 deletion consent/csrf.go
@@ -45,7 +45,7 @@ func createCsrfSession(w http.ResponseWriter, r *http.Request, conf x.CookieConf
return nil
}

func validateCsrfSession(r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name, expectedCSRF string) error {
func validateCsrfSession(r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name, expectedCSRF string, _ []byte) error {
if cookie, err := getCsrfSession(r, store, conf, name); err != nil {
return errorsx.WithStack(fosite.ErrRequestForbidden.WithHint("CSRF session cookie could not be decoded."))
} else if csrf, err := mapx.GetString(cookie.Values, "csrf"); err != nil {
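Review bot: The new trailing parameter of `validateCsrfSession` is declared as `_ []byte`, so the `session.Context` that both call sites in consent/strategy_default.go now pass is discarded and has no effect on the CSRF check. A reader could take those call sites to mean the flow context is bound to the CSRF cookie, so the function should carry a doc comment such as `// validateCsrfSession validates the CSRF session cookie called name against expectedCSRF. The final []byte argument is currently unused.` The commit title suggests the parameter exists for signature parity with another workspace, but that is not visible on this page. The function body continues past the end of the hunk.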
4 changes: 2 additions & 2 deletions consent/strategy_default.go
@@ -336,7 +336,7 @@ func (s *DefaultStrategy) verifyAuthentication(w http.ResponseWriter, r *http.Re
}

clientSpecificCookieNameLoginCSRF := fmt.Sprintf("%s_%d", s.r.Config().CookieNameLoginCSRF(ctx), murmur3.Sum32(session.LoginRequest.Client.ID.Bytes()))
if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameLoginCSRF, session.LoginRequest.CSRF); err != nil {
if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameLoginCSRF, session.LoginRequest.CSRF, session.Context); err != nil {
return nil, err
}

@@ -598,7 +598,7 @@ func (s *DefaultStrategy) verifyConsent(ctx context.Context, w http.ResponseWrit
}

clientSpecificCookieNameConsentCSRF := fmt.Sprintf("%s_%d", s.r.Config().CookieNameConsentCSRF(ctx), murmur3.Sum32(session.ConsentRequest.Client.ID.Bytes()))
if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameConsentCSRF, session.ConsentRequest.CSRF); err != nil {
if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameConsentCSRF, session.ConsentRequest.CSRF, session.Context); err != nil {
return nil, err
}

10 changes: 10 additions & 0 deletions consent/types.go
@@ -172,6 +172,11 @@ type AcceptOAuth2ConsentRequest struct {
// the flow.
WasHandled bool `json:"-"`

// Context is an optional object which can hold arbitrary data. The data will be made available when fetching the
// consent request under the "context" field. This is useful in scenarios where login and consent endpoints share
// data.
Context sqlxx.JSONRawMessage `json:"context"`

ConsentRequest *OAuth2ConsentRequest `json:"-"`
Error *RequestDeniedError `json:"-"`
RequestedAt time.Time `json:"-"`
@@ -236,6 +241,11 @@ type OAuth2ConsentSession struct {
// the flow.
WasHandled bool `json:"-" db:"was_used"`

// Context is an optional object which can hold arbitrary data. The data will be made available when fetching the
// consent request under the "context" field. This is useful in scenarios where login and consent endpoints share
// data.
Context sqlxx.JSONRawMessage `json:"context"`

// Consent Request
//
// The consent request that lead to this consent session.
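Review bot: The `Context` field added to `OAuth2ConsentSession` is tagged `json:"context"` while the neighbouring bookkeeping field uses `json:"-"`, so whatever the login or consent UI stored there is serialized wherever this struct is returned. The doc comment appears to be carried over from the login types and only mentions fetching the consent request; it should say that the value is returned with the consent session and must not hold secrets, e.g. `// Context is echoed back in API responses; do not store credentials or tokens in it.` On `AcceptOAuth2ConsentRequest` the same tag means the accept payload can set the field, which flow/flow.go then copies over the flow's context, and that deserves a sentence in the comment too. The field also has no `db` tag next to `WasHandled`'s `db:"was_used"`; whether that is intended depends on how the struct is persisted, which is outside these hunks. Both struct definitions extend beyond the hunks.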
9 changes: 8 additions & 1 deletion flow/flow.go
@@ -295,7 +295,9 @@ func (f *Flow) HandleLoginRequest(h *consent.HandledLoginRequest) error {
f.LoginExtendSessionLifespan = h.ExtendSessionLifespan
f.ACR = h.ACR
f.AMR = h.AMR
f.Context = h.Context
if h.Context == nil {
f.Context = h.Context
}
f.LoginWasUsed = h.WasHandled
f.LoginAuthenticatedAt = h.AuthenticatedAt
return nil
@@ -388,6 +390,10 @@ func (f *Flow) HandleConsentRequest(r *consent.AcceptOAuth2ConsentRequest) error
f.ConsentWasHandled = r.WasHandled
f.ConsentError = r.Error

if r.Context != nil {
f.Context = r.Context
}

if r.Session != nil {
f.SessionIDToken = r.Session.IDToken
f.SessionAccessToken = r.Session.AccessToken
@@ -453,6 +459,7 @@ func (f *Flow) GetHandledConsentRequest() *consent.AcceptOAuth2ConsentRequest {
AuthenticatedAt: f.LoginAuthenticatedAt,
SessionIDToken: f.SessionIDToken,
SessionAccessToken: f.SessionAccessToken,
Context: f.Context,
}
}
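Review bot: The guard added in `HandleLoginRequest` reads `if h.Context == nil { f.Context = h.Context }`, which can only ever assign nil: a context supplied when accepting login is no longer stored on the flow, and an absent one clears whatever was there. `HandleConsentRequest` in the same file uses `if r.Context != nil`, so the login side looks inverted and should read `if h.Context != nil {`. Because `GetHandledConsentRequest` now returns `f.Context`, consumers of the handled consent request would see missing or stale context instead of the login data. A test in flow/flow_test.go that passes a non-nil login context through `HandleLoginRequest` and asserts it is kept would pin this. All three functions extend beyond their hunks.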

1 change: 1 addition & 0 deletions flow/flow_test.go
@@ -88,6 +88,7 @@ func (f *Flow) setHandledConsentRequest(r consent.AcceptOAuth2ConsentRequest) {
f.LoginAuthenticatedAt = r.AuthenticatedAt
f.SessionIDToken = r.SessionIDToken
f.SessionAccessToken = r.SessionAccessToken
f.Context = r.Context
}

func TestFlow_GetLoginRequest(t *testing.T) {