From 2dfdaa2223dd078401f605e59c7419d7d9f3410f Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Tue, 15 Sep 2020 08:06:18 +0200
Subject: [PATCH] fix state handling in auth request
---
 pkg/rp/default_rp.go | 6 +++++-
 pkg/rp/relaying_party.go | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/pkg/rp/default_rp.go b/pkg/rp/default_rp.go
index 610507c..fdf0b38 100644
--- a/pkg/rp/default_rp.go
+++ b/pkg/rp/default_rp.go
@@ -153,7 +153,11 @@ func (p *DefaultRP) AuthURL(state string, opts ...AuthURLOpt) string {
 //AuthURL is the `RelayingParty` interface implementation
 //extending the `AuthURL` method with a http redirect handler
 func (p *DefaultRP) AuthURLHandler(state string) http.HandlerFunc {
- return AuthURLHandler(state, p)
+ return AuthURLHandler(
+ func() string {
+ return state
+ }, p,
+ )
 }

 //deprecated: Use CodeExchange func and provide a RelayingParty
diff --git a/pkg/rp/relaying_party.go b/pkg/rp/relaying_party.go
index 6739238..bab2512 100644
--- a/pkg/rp/relaying_party.go
+++ b/pkg/rp/relaying_party.go
@@ -230,9 +230,10 @@ func AuthURL(state string, rp RelayingParty, opts ...AuthURLOpt) string {

 //AuthURLHandler extends the `AuthURL` method with a http redirect handler
 //including handling setting cookie for secure `state` transfer
-func AuthURLHandler(state string, rp RelayingParty) http.HandlerFunc {
+func AuthURLHandler(stateFn func() string, rp RelayingParty) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 opts := make([]AuthURLOpt, 0)
+ state := stateFn()
 if err := trySetStateCookie(w, state, rp); err != nil {
 http.Error(w, "failed to create state cookie: "+err.Error(), http.StatusUnauthorized)
 return
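Review bot: `DefaultRP.AuthURLHandler` still takes a single `state string`, and the new closure returns that same value on every call, so a handler that is registered once sends an identical `state` with every authorization request it serves. Since `state` is the CSRF binding between the auth request and the callback, the method should say so explicitly, e.g. `//the given state is reused for every request served by the returned handler; prefer the package-level AuthURLHandler with a per-request generator`. Changing the method signature would presumably break the `RelayingParty` interface, so a documented limitation or a deprecation note is the smaller step. The existing doc comment also names `AuthURL` where it should name `AuthURLHandler`.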
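Review bot: The value returned by `stateFn()` is used as-is, so a nil `stateFn` panics inside the request handler and an empty string is written to the state cookie without any check. Because `state` is what ties the callback to this request, I would reject an empty value before `trySetStateCookie`, e.g. `if state == "" { http.Error(w, "failed to generate state", http.StatusInternalServerError); return }`. The doc comment should also spell out the contract, e.g. `//stateFn is called once per request and must return a fresh, unguessable value`. The handler body continues past the end of this hunk, so how `state` reaches the redirect URL is not visible here.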