moved CSRF generator to request parser instead of confirmation controller
parent
a253ebc908
commit
dcf36234c4
|
@ -26,7 +26,6 @@ import java.util.LinkedHashSet;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||
import org.mitre.oauth2.model.SystemScope;
|
||||
|
@ -194,9 +193,7 @@ public class OAuthConfirmationController {
|
|||
}
|
||||
|
||||
// inject a random value for CSRF purposes
|
||||
String csrf = UUID.randomUUID().toString();
|
||||
model.put("csrf", csrf);
|
||||
authRequest.getExtensions().put("csrf", csrf);
|
||||
model.put("csrf", authRequest.getExtensions().get("csrf"));
|
||||
|
||||
return "approve";
|
||||
}
|
||||
|
|
|
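Review bot: The new `model.put("csrf", authRequest.getExtensions().get("csrf"));` assumes the request factory has already stored a token, so an authorization request that reaches this controller without that extension (built by a different factory, or restored from an older session) would render the approval form with a null CSRF value. The code that compares the submitted value is not part of this commit, so it is worth confirming that it rejects a missing token rather than treating null as a match; a guard here such as `if (authRequest.getExtensions().get("csrf") == null) { /* fail the request */ }` would make that explicit. The retained comment `// inject a random value for CSRF purposes` is now stale, and something like `// expose the CSRF token generated when the request was parsed` would match the new code. The enclosing method starts outside the hunk.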
@ -22,6 +22,7 @@ import java.text.ParseException;
|
|||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
||||
|
@ -137,6 +138,13 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// add CSRF protection to the request on first parse
|
||||
String csrf = UUID.randomUUID().toString();
|
||||
request.getExtensions().put("csrf", csrf);
|
||||
|
||||
|
||||
|
||||
return request;
|
||||
}
|
||||
|
||||
|
|
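Review bot: The key written by `request.getExtensions().put("csrf", csrf);` is tied to the confirmation controller only through a repeated string literal, so a rename on either side would silently hand the approval page a null token; a shared constant (for example `public static final String CSRF = "csrf";` declared once and used by both classes) would let the compiler catch that. The comment says "on first parse", but in the visible lines the put is unconditional, which is the safer behaviour if extensions can ever be pre-populated from client-supplied parameters, and the comment could say so: `// always overwrite: the CSRF value must never come from the client`. Because extensions travel with the authorization request, the token may also end up wherever that request is stored or serialized, so it should probably be removed once the approval has been validated. The method body begins outside the hunk.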