Fix: validate loginAfterState on callback handler
withSang committed Aug 21, 2023
1 parent 4b1b359 commit 0fb2e79
Showing 2 changed files with 8 additions and 2 deletions.
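--- a/src/services/auth.js
+++ b/src/services/auth.js
@@ -114,7 +114,10 @@ const sparcsssoHandler = (req, res) => {
 };
 
 const sparcsssoCallbackHandler = (req, res) => {
-const { state, redirectOrigin, redirectPath } = req.session?.loginAfterState;
+const loginAfterState = req.session?.loginAfterState;
+if (!loginAfterState)
+return res.status(400).send("SparcsssoCallbackHandler : invalid request");
+const { state, redirectOrigin, redirectPath } = loginAfterState;
 const stateForCmp = req.body.state || req.query.state;
 
 req.session.loginAfterState = undefined;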
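Review bot: The new guard in sparcsssoCallbackHandler only checks that `loginAfterState` is truthy, so a session entry that lacks a `state` value still passes, and `stateForCmp` can be undefined as well when the request carries no `state`. The comparison itself is outside the hunk; if it is a plain `state !== stateForCmp`, two undefined values would compare equal and the state check would be skipped. Tightening the guard to `if (typeof loginAfterState?.state !== "string" || !loginAfterState.state)` and rejecting a missing `stateForCmp` in the same way would close that gap. `req.body.state` also assumes a body parser has populated `req.body`; `req.body?.state` avoids a throw where it has not.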
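--- a/src/services/auth.replace.js
+++ b/src/services/auth.replace.js
@@ -30,7 +30,10 @@ const createUserData = (id) => {
 
 const loginReplaceHandler = (req, res) => {
 const { id } = req.body;
-const { redirectOrigin, redirectPath } = req.session?.loginAfterState;
+const loginAfterState = req.session?.loginAfterState;
+if (!loginAfterState)
+return res.status(400).send("SparcsssoCallbackHandler : invalid request");
+const { redirectOrigin, redirectPath } = loginAfterState;
 tryLogin(req, res, createUserData(id), redirectOrigin, redirectPath);
 };
 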
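Review bot: The 400 response added to loginReplaceHandler reuses the message `"SparcsssoCallbackHandler : invalid request"`, which names the wrong handler and will mislead anyone triaging logs or client errors; `"loginReplaceHandler : invalid request"` would match. Unlike the SSO callback, nothing visible here clears `req.session.loginAfterState` after it is read, so unless `tryLogin` does that (not shown) the redirect target stays in the session; adding `req.session.loginAfterState = undefined;` before the `tryLogin` call would keep the two handlers consistent. `id` is taken straight from `req.body` with no check in this hunk; presumably this file is a development stand-in for SSO, and it is worth confirming the route is not reachable in production.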
