warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2024-09-20 06:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

fixed GHSA-868r-97g5-r9g4 - insufficient authentication for SSO users

Browse source
This commit is contained in:
Eugene Pankov 2023-07-07 20:41:00 +02:00
parent 4fe4bfe18e
commit 8173f6512a
No known key found for this signature in database
GPG key ID: 5896FCBBDD1CF4F4
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
warpgate-protocol-http/src/api/sso_provider_list.rs
View file

@ -193,6 +193,12 @@ impl Api {
let mut state = state_arc.lock().await;
let mut cp = services.config_provider.lock().await;
if state.username() != username {
return Ok(Err(format!(
"Incorrect account for SSO authentication ({username})"
)));
}
if cp.validate_credential(&username, &cred).await? {
state.add_valid_credential(cred);
}