Docker/portainer
Docker/portainer
1
0
Fork 0
mirror of https://github.com/portainer/portainer.git synced 2025-08-04 13:25:26 +02:00
Code Issues Releases Activity

fix(oauth): state to follow OAuth 2 RFC against CSRF

Browse source
This commit is contained in:
xAt0mZ 2019-07-26 18:21:23 +02:00
parent b537a9ad0d
commit a33dbd1e91
1 changed files with 0 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
app/portainer/views/auth/authController.js
View file

@ -119,18 +119,12 @@ function($async, $q, $scope, $state, $stateParams, $sanitize, Authentication, Us
} }
function generateState() { function generateState() {
if ($scope.state.OAuthProvider !== 'OAuth') {
return '';
}
const uuid = uuidv4(); const uuid = uuidv4();
LocalStorage.storeLoginStateUUID(uuid); LocalStorage.storeLoginStateUUID(uuid);
return '&state=' + uuid; return '&state=' + uuid;
} }
function hasValidState(state) { function hasValidState(state) {
if ($scope.state.OAuthProvider !== 'OAuth') {
return true;
}
const savedUUID = LocalStorage.getLoginStateUUID(); const savedUUID = LocalStorage.getLoginStateUUID();
return savedUUID === state; return savedUUID === state;
} }