cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

verify state if cookie exists

Browse source
This commit is contained in:
Patrick Vogt 2025-02-26 16:45:02 +01:00
parent 6a80712fbe
commit f334f15c6b
1 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
pkg/client/rp/relying_party.go
View file

@ -4,6 +4,7 @@ import (
"context" "context"
"encoding/base64" "encoding/base64"
"errors" "errors"
"fmt"
"log/slog" "log/slog"
"net/http" "net/http"
"net/url" "net/url"
@ -617,14 +618,19 @@ func trySetStateCookie(w http.ResponseWriter, state string, rp RelyingParty) err
} }
func tryReadStateCookie(w http.ResponseWriter, r *http.Request, rp RelyingParty) (state string, err error) { func tryReadStateCookie(w http.ResponseWriter, r *http.Request, rp RelyingParty) (state string, err error) {
stateRemote := r.FormValue(stateParam)
if rp.CookieHandler() == nil { if rp.CookieHandler() == nil {
return r.FormValue(stateParam), nil // no cookie handler is not a good idea, but not a failure
return stateRemote, nil
} }
state, err = rp.CookieHandler().CheckQueryCookie(r, stateParam) state, err = rp.CookieHandler().CheckQueryCookie(r, stateParam)
if err != nil { if err != nil {
return "", err return "", fmt.Errorf("no state in cookie: %w", err)
} }
rp.CookieHandler().DeleteCookie(w, stateParam) rp.CookieHandler().DeleteCookie(w, stateParam)
if state != stateRemote {
return state, fmt.Errorf("states do not match! cookie: %q remote: %q", state, stateRemote)
}
return state, nil return state, nil
} }