Fix: Check if required session headers exist (#1145)
* Check session keys exist * Update message Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
This commit is contained in:
parent
6aeb710ca0
commit
82d0f44cab
|
@ -31,6 +31,9 @@ _token_url = PROTON_BASE_URL + "/oauth/token"
|
||||||
# when served behind nginx, the redirect_uri is localhost... and not the real url
|
# when served behind nginx, the redirect_uri is localhost... and not the real url
|
||||||
_redirect_uri = URL + "/auth/proton/callback"
|
_redirect_uri = URL + "/auth/proton/callback"
|
||||||
|
|
||||||
|
SESSION_ACTION_KEY = "oauth_action"
|
||||||
|
SESSION_STATE_KEY = "oauth_state"
|
||||||
|
|
||||||
|
|
||||||
def extract_action() -> Action:
|
def extract_action() -> Action:
|
||||||
action = request.args.get("action")
|
action = request.args.get("action")
|
||||||
|
@ -43,7 +46,7 @@ def extract_action() -> Action:
|
||||||
|
|
||||||
|
|
||||||
def get_action_from_state() -> Action:
|
def get_action_from_state() -> Action:
|
||||||
oauth_action = session["oauth_action"]
|
oauth_action = session[SESSION_ACTION_KEY]
|
||||||
if oauth_action == Action.Login.value:
|
if oauth_action == Action.Login.value:
|
||||||
return Action.Login
|
return Action.Login
|
||||||
elif oauth_action == Action.Link.value:
|
elif oauth_action == Action.Link.value:
|
||||||
|
@ -65,13 +68,16 @@ def proton_login():
|
||||||
authorization_url, state = proton.authorization_url(_authorization_base_url)
|
authorization_url, state = proton.authorization_url(_authorization_base_url)
|
||||||
|
|
||||||
# State is used to prevent CSRF, keep this for later.
|
# State is used to prevent CSRF, keep this for later.
|
||||||
session["oauth_state"] = state
|
session[SESSION_STATE_KEY] = state
|
||||||
session["oauth_action"] = extract_action().value
|
session[SESSION_ACTION_KEY] = extract_action().value
|
||||||
return redirect(authorization_url)
|
return redirect(authorization_url)
|
||||||
|
|
||||||
|
|
||||||
@auth_bp.route("/proton/callback")
|
@auth_bp.route("/proton/callback")
|
||||||
def proton_callback():
|
def proton_callback():
|
||||||
|
if SESSION_STATE_KEY not in session or SESSION_STATE_KEY not in session:
|
||||||
|
flash("Invalid state, please retry", "error")
|
||||||
|
return redirect(url_for("auth.login"))
|
||||||
if PROTON_CLIENT_ID is None or PROTON_CLIENT_SECRET is None:
|
if PROTON_CLIENT_ID is None or PROTON_CLIENT_SECRET is None:
|
||||||
return redirect(url_for("auth.login"))
|
return redirect(url_for("auth.login"))
|
||||||
|
|
||||||
|
@ -82,7 +88,7 @@ def proton_callback():
|
||||||
|
|
||||||
proton = OAuth2Session(
|
proton = OAuth2Session(
|
||||||
PROTON_CLIENT_ID,
|
PROTON_CLIENT_ID,
|
||||||
state=session["oauth_state"],
|
state=session[SESSION_STATE_KEY],
|
||||||
redirect_uri=_redirect_uri,
|
redirect_uri=_redirect_uri,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
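Review bot: The new guard in proton_callback (`if SESSION_STATE_KEY not in session or SESSION_STATE_KEY not in session:`) tests the same key twice, so the presence of SESSION_ACTION_KEY is never checked even though the commit title says both required session keys should be validated. A callback that arrives with `oauth_state` but without `oauth_action` therefore still passes the guard and later reaches `session[SESSION_ACTION_KEY]` in get_action_from_state, which raises KeyError instead of the intended "Invalid state, please retry" flash and redirect. The second operand should be the action key: `if SESSION_STATE_KEY not in session or SESSION_ACTION_KEY not in session:`. The body of proton_callback continues past the end of this hunk, so anything it does after the OAuth2Session construction (the hunk at @ -82,7 +88,7) is not visible here.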