lumin/comfycamp
lumin/comfycamp
1
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity

fix(oidc): use client secret from query params

Browse source
This commit is contained in:
Ivan R. 2024-09-21 12:47:07 +05:00
parent 489c39e16c
commit 08f94ad16b
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
1 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/comfycamp_web/controllers/oauth_controller.ex
View file

@ -77,20 +77,21 @@ defmodule ComfycampWeb.OauthController do
end end
end end
def token(conn, %{"code" => code_value, "redirect_uri" => redirect_uri}) do def token(conn, %{
"code" => code_value,
"redirect_uri" => redirect_uri,
"client_id" => client_id,
"client_secret" => client_secret
}) do
# Check that code is still valid and redirect uri has not been altered. # Check that code is still valid and redirect uri has not been altered.
%OIDCCode{redirect_uri: ^redirect_uri} = code = SSO.get_oidc_code!(code_value) %OIDCCode{redirect_uri: ^redirect_uri} = code = SSO.get_oidc_code!(code_value)
# Get client secret.
[auth_header] = Plug.Conn.get_req_header(conn, "authorization")
"Basic " <> client_secret = auth_header
# Check that client provided a valid secret for an active OIDC app. # Check that client provided a valid secret for an active OIDC app.
%OIDCApp{enabled: true} = oidc_app = SSO.get_oidc_app_by_secret!(client_secret) %OIDCApp{enabled: true, client_id: ^client_id} =
oidc_app = SSO.get_oidc_app_by_secret!(client_secret)
# Check that OIDC app is referenced by provided code. # Check that OIDC app is referenced by provided code.
app_client_id = oidc_app.client_id ^client_id = code.oidc_app.client_id
^app_client_id = code.oidc_app.client_id
# Delete the code. # Delete the code.
SSO.delete_oidc_code(code) SSO.delete_oidc_code(code)