Deprecate dangerous feature

Pierre HUBERT 2022-04-18 17:05:26 +02:00
parent 65b3289900
commit fad92c5930
2 changed files with 10 additions and 12 deletions


@ -308,21 +308,20 @@ pub async fn token(req: HttpRequest,
}
// Check code challenge, if needed
if !client.disable_code_verifier.unwrap_or(false) {
if let Some(chall) = &session.code_challenge {
let code_verifier = match &q.code_verifier {
None => {
return Ok(error_response(&query, "access_denied", "Code verifier missing"));
}
Some(s) => s
};
if !chall.verify_code(code_verifier) {
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
if let Some(chall) = &session.code_challenge {
let code_verifier = match &q.code_verifier {
None => {
return Ok(error_response(&query, "access_denied", "Code verifier missing"));
}
Some(s) => s
};
if !chall.verify_code(code_verifier) {
return Ok(error_response(&query, "invalid_grant", "Invalid code verifier"));
}
}
if session.access_token.is_some() {
return Ok(error_response(&query, "invalid_request", "Authorization code already used!"));
}
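Review bot: With the per-client opt-out removed, the verifier is still checked only when `session.code_challenge` is `Some`, so a token request that carries `code_verifier` for a code issued without a challenge falls through to the `access_token` check unexamined. The OAuth 2.0 Security BCP (RFC 9700) asks the authorization server to reject that case so that a challenge dropped from the authorization request does not pass silently. An extra arm on the `if let` would cover it: `} else if q.code_verifier.is_some() { return Ok(error_response(&query, "invalid_grant", "Unexpected code verifier")); }`. Whether a challenge is mandatory for every client is presumably decided at the authorization endpoint, which this hunk does not show. The body of `token` starts and ends outside the hunk.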


@ -11,7 +11,6 @@ pub struct Client {
pub description: String,
pub secret: String,
pub redirect_uri: String,
pub disable_code_verifier: Option<bool>,
}
impl PartialEq for Client {