IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

oauth: raise error if session state is missing

Browse Source 
ref #9476
This commit is contained in:
bergquist 2017-10-12 15:24:20 +02:00
parent 0848ba2e9c
commit 88f55b01d8
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/api/login_oauth.go
View File

@ -71,8 +71,12 @@ func OAuthLogin(ctx *middleware.Context) {
return return
} }
// verify state string savedState, ok := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
savedState := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string) if !ok {
ctx.Handle(500, "login.OAuthLogin(missing saved state)", nil)
return
}
queryState := ctx.Query("state") queryState := ctx.Query("state")
if savedState != queryState { if savedState != queryState {
ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil) ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil)