llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-09-07 02:20:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: fix issue that signing up via provider in shared application will sign up to built-in app (#4093)

Browse Source
This commit is contained in:
DacongDA
2025-08-17 22:32:47 +08:00
committed by GitHub
parent c179324de4
commit ad6080e763
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
controllers/auth.go
View File

@@ -719,7 +719,8 @@ func (c *ApiController) Login() {
setHttpClient(idProvider, provider.Type)
if authForm.State != conf.GetConfigString("authState") && authForm.State != application.Name {
stateApplicationName := strings.Split(authForm.State, "-org-")[0]
if authForm.State != conf.GetConfigString("authState") && stateApplicationName != application.Name {
c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), authForm.State))
return
}

6
web/src/auth/Provider.js
View File

@@ -392,7 +392,11 @@ export function getAuthUrl(application, provider, method, code) {
let redirectUri = `${redirectOrigin}/callback`;
let scope = authInfo[provider.type].scope;
const isShortState = (provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger")) || (provider.type === "Twitter");
const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
let applicationName = application.name;
if (application?.isShared) {
applicationName = `${application.name}-org-${application.organization}`;
}
const state = Util.getStateFromQueryParams(applicationName, provider.name, method, isShortState);
const codeChallenge = "P3S-a7dr8bgM4bF6vOyiKkKETDl16rcAzao9F8UIL1Y"; // SHA256(Base64-URL-encode("casdoor-verifier"))
if (provider.type === "AzureAD") {