github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

moved CSRF generator to request parser instead of confirmation controller

pull/604/head
Justin Richer 2014-05-13 09:48:34 -04:00
parent a253ebc908
commit dcf36234c4
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
View File

@ -26,7 +26,6 @@ import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.SystemScope;
@ -194,9 +193,7 @@ public class OAuthConfirmationController {
}
// inject a random value for CSRF purposes
String csrf = UUID.randomUUID().toString();
model.put("csrf", csrf);
authRequest.getExtensions().put("csrf", csrf);
model.put("csrf", authRequest.getExtensions().get("csrf"));
return "approve";
}

8
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
View File

@ -22,6 +22,7 @@ import java.text.ParseException;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
@ -137,6 +138,13 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
}
}
// add CSRF protection to the request on first parse
String csrf = UUID.randomUUID().toString();
request.getExtensions().put("csrf", csrf);
return request;
}