ignore empty auth cookie
This commit is contained in:
David Mosbach
parent
8c0cd0099c
commit
3d8f77861a
@ -152,7 +152,7 @@ loginServer = decideLogin
|
|||||||
| otherwise = throwError err401 { errBody = "Prompt not supported" }
|
| otherwise = throwError err401 { errBody = "Prompt not supported" }
|
||||||
where
|
where
|
||||||
responseType' = readMaybe @ResponseType responseType
|
responseType' = readMaybe @ResponseType responseType
|
||||||
mCreds = mCookies >>= lookup "oa2_auth_cookie" . parseCookiesText . encodeUtf8
|
mCreds = mCookies >>= lookup "oa2_auth_cookie" . parseCookiesText . encodeUtf8 >>= \c -> if c == "\"\"" then Nothing else Just c
|
||||||
validOIDC :: Bool
|
validOIDC :: Bool
|
||||||
validOIDC = let scopes' = map (read @(Scope' user)) $ words scopes
|
validOIDC = let scopes' = map (read @(Scope' user)) $ words scopes
|
||||||
in (Left OpenID `elem` scopes') == (responseType' == Just IDToken)
|
in (Left OpenID `elem` scopes') == (responseType' == Just IDToken)
|
||||||
@ -160,6 +160,7 @@ loginServer = decideLogin
|
|||||||
handleSSO :: AuthHandler user Html
|
handleSSO :: AuthHandler user Html
|
||||||
handleSSO = do -- TODO check openid scope
|
handleSSO = do -- TODO check openid scope
|
||||||
liftIO $ putStrLn "login via SSO..."
|
liftIO $ putStrLn "login via SSO..."
|
||||||
|
liftIO . putStrLn $ "creds: " ++ show mCreds
|
||||||
unless (read @ResponseType responseType == IDToken) $ throwError err500 { errBody = "Unsupported response type" }
|
unless (read @ResponseType responseType == IDToken) $ throwError err500 { errBody = "Unsupported response type" }
|
||||||
unless (isJust mCreds) $ throwError err500 { errBody = "Missing oauth2 cookie" }
|
unless (isJust mCreds) $ throwError err500 { errBody = "Missing oauth2 cookie" }
|
||||||
url' <- handleCreds @user @userData (fromJust mCreds) scopes client url mState mNonce
|
url' <- handleCreds @user @userData (fromJust mCreds) scopes client url mState mNonce
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user