go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-05-29 23:17:38 +02:00
Code Issues Releases Activity

Log if refresh changes email

Browse Source
This commit is contained in:
Nick Meves 2021-07-02 22:44:14 -07:00
parent cbd4ce654e
commit 51806c8433
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/middleware/stored_session.go
View File

@ -131,6 +131,7 @@ func (s *storedSessionLoader) refreshSessionIfNeeded(rw http.ResponseWriter, req
// refreshSession attempts to refresh the session with the provider // refreshSession attempts to refresh the session with the provider
// and will save the session if it was updated. // and will save the session if it was updated.
func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) error { func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.Request, session *sessionsapi.SessionState) error {
origEmail := session.Email
refreshed, err := s.sessionRefresher(req.Context(), session) refreshed, err := s.sessionRefresher(req.Context(), session)
if err != nil && !errors.Is(err, providers.ErrNotImplemented) { if err != nil && !errors.Is(err, providers.ErrNotImplemented) {
return fmt.Errorf("error refreshing tokens: %v", err) return fmt.Errorf("error refreshing tokens: %v", err)
@ -161,6 +162,11 @@ func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.R
logger.PrintAuthf(session.Email, req, logger.AuthError, "error saving session: %v", err) logger.PrintAuthf(session.Email, req, logger.AuthError, "error saving session: %v", err)
return fmt.Errorf("error saving session: %v", err) return fmt.Errorf("error saving session: %v", err)
} }
// Log if authenticated user details changed
if session.Email != origEmail {
logger.PrintAuthf(session.Email, req, logger.AuthSuccess,
"Warning: Email changed during refresh: %s => %s", origEmail, session.Email)
}
return nil return nil
} }