Fixes in OAuth2 middleware (#2139)

1. Use UUIDv4 (random) rather than UUIDv1 (time-based, predictable)
2. Correctly return in case of error

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
This commit is contained in:
Alessandro (Ale) Segala 2022-09-28 17:03:53 -07:00 committed by GitHub
parent b4d68ed28a
commit da366088e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 10 deletions


@ -73,17 +73,22 @@ func (m *Middleware) GetHandler(metadata middleware.Metadata) (func(h fasthttp.R
TokenURL: meta.TokenURL,
},
}
session := sessions.StartFasthttp(ctx)
if session.GetString(meta.AuthHeaderName) != "" {
ctx.Request.Header.Add(meta.AuthHeaderName, session.GetString(meta.AuthHeaderName))
h(ctx)
return
}
state := string(ctx.FormValue(stateParam))
//nolint:nestif
if state == "" {
id, _ := uuid.NewUUID()
id, err := uuid.NewRandom()
if err != nil {
ctx.Error(fasthttp.StatusMessage(fasthttp.StatusInternalServerError), fasthttp.StatusInternalServerError)
return
}
session.Set(savedState, id.String())
session.Set(redirectPath, string(ctx.RequestURI()))
url := conf.AuthCodeURL(id.String(), oauth2.AccessTypeOffline)
@ -100,15 +105,17 @@ func (m *Middleware) GetHandler(metadata middleware.Metadata) (func(h fasthttp.R
code := string(ctx.FormValue(codeParam))
if code == "" {
ctx.Error("code not found", fasthttp.StatusBadRequest)
} else {
token, err := conf.Exchange(context.Background(), code)
if err != nil {
ctx.Error(err.Error(), fasthttp.StatusInternalServerError)
}
session.Set(meta.AuthHeaderName, token.Type()+" "+token.AccessToken)
ctx.Request.Header.Add(meta.AuthHeaderName, token.Type()+" "+token.AccessToken)
ctx.Redirect(redirectURL, 302)
return
}
token, err := conf.Exchange(context.Background(), code)
if err != nil {
ctx.Error(err.Error(), fasthttp.StatusInternalServerError)
return
}
session.Set(meta.AuthHeaderName, token.Type()+" "+token.AccessToken)
ctx.Request.Header.Add(meta.AuthHeaderName, token.Type()+" "+token.AccessToken)
ctx.Redirect(redirectURL, 302)
}
}
}
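Review bot: The new error branch `ctx.Error(err.Error(), fasthttp.StatusInternalServerError)` after `conf.Exchange` writes the raw exchange error into the HTTP response, which can expose details of the token endpoint's reply to the client, whereas the new branch in the first hunk deliberately returns only `fasthttp.StatusMessage(fasthttp.StatusInternalServerError)`. Make the two consistent with `ctx.Error(fasthttp.StatusMessage(fasthttp.StatusInternalServerError), fasthttp.StatusInternalServerError)` and keep the detailed error for the server-side log (no logger is visible in these hunks, so that part is an assumption). The `return` added after the failed exchange is the fix the commit message promises; it closes the path where the old code went on to read `token` after a non-nil error. `conf.Exchange(context.Background(), code)` also runs with no deadline, so a request-scoped context or timeout would bound the outbound call if one is available to the handler. The enclosing handler closure and GetHandler begin before the first hunk.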