discourse
/
discourse-auth-proxy
mirror of https://github.com/discourse/discourse-auth-proxy.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Don't panic if we don't find the nonce in the cache

This commit is contained in:
Matt Palmer 2017-10-03 20:33:47 +11:00
parent febc3e4fe3
commit 2d8643d593
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
main.go
View File

@ -186,10 +186,13 @@ func redirectIfNoCookie(handler http.Handler, r *http.Request, w http.ResponseWr
func getReturnUrl(secret string, payload string, sig string, nonce string) (returnUrl string, err error) { func getReturnUrl(secret string, payload string, sig string, nonce string) (returnUrl string, err error) {
value, gotNonce := nonceCache.Get(nonce) value, gotNonce := nonceCache.Get(nonce)
if !gotNonce {
err = fmt.Errorf("Nonce %s not found", nonce)
return
}
returnUrl = value.(string) returnUrl = value.(string)
nonceCache.Remove(nonce) nonceCache.Remove(nonce)
valid := ComputeHmac256(payload, secret) == sig && gotNonce if ComputeHmac256(payload, secret) != sig {
if !valid {
err = fmt.Errorf("Signature is invalid") err = fmt.Errorf("Signature is invalid")
} }
return return