setting and checking random state in OAuth flow
This commit is contained in:
parent
e08be916f1
commit
f51b4d5ef3
@ -1,6 +1,7 @@
|
||||
package github
|
||||
|
||||
import (
|
||||
"encoding/base32"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"net/url"
|
||||
@ -12,11 +13,11 @@ import (
|
||||
"github.com/drone/drone/shared/httputil"
|
||||
"github.com/drone/go-github/github"
|
||||
"github.com/drone/go-github/oauth2"
|
||||
"github.com/gorilla/securecookie"
|
||||
)
|
||||
|
||||
var (
|
||||
scope = "repo,repo:status,user:email"
|
||||
state = "FqB4EbagQ2o"
|
||||
)
|
||||
|
||||
type Github struct {
|
||||
@ -151,12 +152,23 @@ func (g *Github) GetLogin(w http.ResponseWriter, r *http.Request) (*remote.Login
|
||||
|
||||
// get the OAuth code
|
||||
code := r.FormValue("code")
|
||||
state := r.FormValue("state")
|
||||
if len(code) == 0 {
|
||||
redirect := oauth.AuthorizeRedirect(scope, state)
|
||||
var random = base32.StdEncoding.EncodeToString(securecookie.GenerateRandomKey(32))
|
||||
httputil.SetCookie(w, r, "github_state", string(random))
|
||||
|
||||
// redirect the user to login
|
||||
redirect := oauth.AuthorizeRedirect(scope, random)
|
||||
http.Redirect(w, r, redirect, http.StatusSeeOther)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
cookieState := httputil.GetCookie(r, "github_state")
|
||||
httputil.DelCookie(w, r, "github_state")
|
||||
if cookieState != state {
|
||||
return nil, fmt.Errorf("Error matching state in OAuth2 redirect")
|
||||
}
|
||||
|
||||
// exchange code for an auth token
|
||||
token, err := oauth.GrantToken(code)
|
||||
if err != nil {
|
||||
|
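Review bot: The comparison at `if cookieState != state {` still passes when both values are empty, so a callback that carries a `code` but no `state` parameter and no `github_state` cookie is accepted — assuming `httputil.GetCookie` returns "" for a missing cookie, which the hunk does not show; tighten it to `if state == "" || cookieState != state {`. The empty case is also reachable from the redirect branch: `securecookie.GenerateRandomKey` returns nil on failure, which `EncodeToString` turns into "" and `httputil.SetCookie` then stores, so check the key for nil before the cookie is set and return an error instead of redirecting. The `string(random)` conversion is a no-op because `EncodeToString` already returns a string, and the message `Error matching state in OAuth2 redirect` would follow Go convention as lowercase without the "Error" prefix, e.g. `fmt.Errorf("oauth2 state mismatch")`. GetLogin's body begins and ends outside the hunk.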