llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-02 11:20:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix double GET params issue, fix double state bug.

Browse Source
This commit is contained in:
Yang Luo
2021-03-20 23:50:34 +08:00
parent 808e6c6283
commit 8b921b2c1e
3 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
controllers/auth.go
View File

@ -113,8 +113,9 @@ func (c *ApiController) Login() {
var res authResponse var res authResponse
if form.State != beego.AppConfig.String("AuthState") { if form.State != beego.AppConfig.String("AuthState") && form.State != application.Name {
resp = &Response{Status: "error", Msg: "unauthorized", Data: res} resp = &Response{Status: "error", Msg: fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", beego.AppConfig.String("AuthState"), form.State), Data: res}
c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return
} }
@ -127,7 +128,7 @@ func (c *ApiController) Login() {
} }
if !token.Valid() { if !token.Valid() {
resp = &Response{Status: "error", Msg: "unauthorized", Data: res} resp = &Response{Status: "error", Msg: "invalid token", Data: res}
c.Data["json"] = resp c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return
@ -135,7 +136,7 @@ func (c *ApiController) Login() {
res.Email, res.Method, res.Avatar, err = idProvider.GetUserInfo(httpClient, token) res.Email, res.Method, res.Avatar, err = idProvider.GetUserInfo(httpClient, token)
if err != nil { if err != nil {
resp = &Response{Status: "error", Msg: "Login failed, please try again."} resp = &Response{Status: "error", Msg: "login failed, please try again."}
c.Data["json"] = resp c.Data["json"] = resp
c.ServeJSON() c.ServeJSON()
return return

3
web/src/auth/AuthCallback.js
View File

@ -31,8 +31,7 @@ class AuthCallback extends React.Component {
componentWillMount() { componentWillMount() {
const params = new URLSearchParams(this.props.location.search); const params = new URLSearchParams(this.props.location.search);
let redirectUri; let redirectUri = `${window.location.origin}/callback/${this.state.applicationName}/${this.state.providerName}/${this.state.method}`;
redirectUri = `${window.location.origin}/callback/${this.state.applicationName}/${this.state.providerName}/${this.state.method}`;
const body = { const body = {
application: this.state.applicationName, application: this.state.applicationName,
provider: this.state.providerName, provider: this.state.providerName,

2
web/src/auth/Provider.js
View File

@ -43,7 +43,7 @@ export function getAuthLogo(provider) {
} }
export function getAuthUrl(application, provider, method) { export function getAuthUrl(application, provider, method) {
const redirectUri = `${window.location.origin}/callback/${application.name}/${provider.name}/${method}`; const redirectUri = `${window.location.origin}/callback/${application.name}/${provider.name}/${method}${encodeURIComponent(window.location.search)}`;
if (provider.type === "google") { if (provider.type === "google") {
return `${GoogleAuthUri}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${GoogleAuthScope}&response_type=code&state=${AuthState}`; return `${GoogleAuthUri}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${GoogleAuthScope}&response_type=code&state=${AuthState}`;
} else if (provider.type === "github") { } else if (provider.type === "github") {