strapi-plugin-oidc 1.0.10 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/index.js +18 -5
- package/dist/server/index.mjs +18 -5
- package/package.json +1 -1
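--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -168,11 +168,22 @@ async function oidcSignIn(ctx) {
 let { state } = ctx.query;
 const { OIDC_CLIENT_ID, OIDC_REDIRECT_URI, OIDC_SCOPES, OIDC_AUTHORIZATION_ENDPOINT } = configValidation();
 const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge__default.default();
-ctx.session.codeVerifier = codeVerifier;
 if (!state) {
 state = node_crypto.randomBytes(32).toString("base64url");
 }
-
+const isProduction = process.env.NODE_ENV === "production";
+ctx.cookies.set("oidc_code_verifier", codeVerifier, {
+httpOnly: true,
+maxAge: 6e5,
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
+ctx.cookies.set("oidc_state", state, {
+httpOnly: true,
+maxAge: 6e5,
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
 const params = new URLSearchParams();
 params.append("response_type", "code");
 params.append("client_id", OIDC_CLIENT_ID);
@@ -271,7 +282,9 @@ async function oidcSignInCallback(ctx) {
 if (!ctx.query.code) {
 return ctx.send(oauthService2.renderSignUpError("code Not Found"));
 }
-
+const oidcState = ctx.cookies.get("oidc_state");
+const codeVerifier = ctx.cookies.get("oidc_code_verifier");
+if (!ctx.query.state || ctx.query.state !== oidcState) {
 return ctx.send(oauthService2.renderSignUpError("Invalid state"));
 }
 const params = new URLSearchParams();
@@ -280,7 +293,7 @@ async function oidcSignInCallback(ctx) {
 params.append("client_secret", config2.OIDC_CLIENT_SECRET);
 params.append("redirect_uri", config2.OIDC_REDIRECT_URI);
 params.append("grant_type", config2.OIDC_GRANT_TYPE);
-params.append("code_verifier",
+params.append("code_verifier", codeVerifier);
 try {
 const userResponseData = await exchangeTokenAndFetchUserInfo(config2, params);
 const { activateUser, jwtToken } = await handleUserAuthentication(
@@ -867,7 +880,7 @@ function oauthService({ strapi: strapi2 }) {
 const sameSite = strapi2.config.get("admin.auth.cookie.sameSite", "lax");
 const cookieOptions = {
 httpOnly: true,
-secure: isProduction,
+secure: isProduction && ctx.request.secure,
 overwrite: true,
 domain,
 path,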
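--- a/package/dist/server/index.mjs
+++ b/package/dist/server/index.mjs
@@ -162,11 +162,22 @@ async function oidcSignIn(ctx) {
 let { state } = ctx.query;
 const { OIDC_CLIENT_ID, OIDC_REDIRECT_URI, OIDC_SCOPES, OIDC_AUTHORIZATION_ENDPOINT } = configValidation();
 const { code_verifier: codeVerifier, code_challenge: codeChallenge } = await pkceChallenge();
-ctx.session.codeVerifier = codeVerifier;
 if (!state) {
 state = randomBytes(32).toString("base64url");
 }
-
+const isProduction = process.env.NODE_ENV === "production";
+ctx.cookies.set("oidc_code_verifier", codeVerifier, {
+httpOnly: true,
+maxAge: 6e5,
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
+ctx.cookies.set("oidc_state", state, {
+httpOnly: true,
+maxAge: 6e5,
+secure: isProduction && ctx.request.secure,
+sameSite: "lax"
+});
 const params = new URLSearchParams();
 params.append("response_type", "code");
 params.append("client_id", OIDC_CLIENT_ID);
@@ -265,7 +276,9 @@ async function oidcSignInCallback(ctx) {
 if (!ctx.query.code) {
 return ctx.send(oauthService2.renderSignUpError("code Not Found"));
 }
-
+const oidcState = ctx.cookies.get("oidc_state");
+const codeVerifier = ctx.cookies.get("oidc_code_verifier");
+if (!ctx.query.state || ctx.query.state !== oidcState) {
 return ctx.send(oauthService2.renderSignUpError("Invalid state"));
 }
 const params = new URLSearchParams();
@@ -274,7 +287,7 @@ async function oidcSignInCallback(ctx) {
 params.append("client_secret", config2.OIDC_CLIENT_SECRET);
 params.append("redirect_uri", config2.OIDC_REDIRECT_URI);
 params.append("grant_type", config2.OIDC_GRANT_TYPE);
-params.append("code_verifier",
+params.append("code_verifier", codeVerifier);
 try {
 const userResponseData = await exchangeTokenAndFetchUserInfo(config2, params);
 const { activateUser, jwtToken } = await handleUserAuthentication(
@@ -861,7 +874,7 @@ function oauthService({ strapi: strapi2 }) {
 const sameSite = strapi2.config.get("admin.auth.cookie.sameSite", "lax");
 const cookieOptions = {
 httpOnly: true,
-secure: isProduction,
+secure: isProduction && ctx.request.secure,
 overwrite: true,
 domain,
 path,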
package/package.json
CHANGED