added OIDC State validation

This commit is contained in:
DESKTOP-GENO133\IvanPlex 2024-02-24 06:14:44 -07:00
parent 8e208e8791
commit a80c6e12ad
2 changed files with 25 additions and 3 deletions


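--- a/(path not shown)
+++ b/(path not shown)
@@ -45,10 +45,17 @@ namespace CarCareTracker.Controllers
 }
 public IActionResult GetRemoteLoginLink()
 {
-var remoteAuthURL = _config.GetOpenIDConfig().RemoteAuthURL;
+var remoteAuthConfig = _config.GetOpenIDConfig();
+var generatedState = Guid.NewGuid().ToString().Substring(0, 8);
+remoteAuthConfig.State = generatedState;
+if (remoteAuthConfig.ValidateState)
+{
+Response.Cookies.Append("OIDC_STATE", remoteAuthConfig.State, new CookieOptions { Expires = new DateTimeOffset(DateTime.Now.AddMinutes(5)) });
+}
+var remoteAuthURL = remoteAuthConfig.RemoteAuthURL;
 return Json(remoteAuthURL);
 }
-public async Task<IActionResult> RemoteAuth(string code)
+public async Task<IActionResult> RemoteAuth(string code, string state = "")
 {
 try
 {
@@ -58,6 +65,20 @@ namespace CarCareTracker.Controllers
 //create http client to retrieve user token from OIDC
 var httpClient = new HttpClient();
 var openIdConfig = _config.GetOpenIDConfig();
+//check if validate state is enabled.
+if (openIdConfig.ValidateState)
+{
+var storedStateValue = Request.Cookies["OIDC_STATE"];
+if (!string.IsNullOrWhiteSpace(storedStateValue))
+{
+Response.Cookies.Delete("OIDC_STATE");
+}
+if (string.IsNullOrWhiteSpace(storedStateValue) || string.IsNullOrWhiteSpace(state) || storedStateValue != state)
+{
+_logger.LogInformation("Failed OIDC State Validation - Try disabling state validation if you are confident this is not a malicious attempt.");
+return new RedirectResult("/Login");
+}
+}
 var httpParams = new List<KeyValuePair<string, string>>
 {
 new KeyValuePair<string, string>("code", code),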
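Review bot: The OIDC_STATE cookie appended in GetRemoteLoginLink carries only an expiry, so it is created without HttpOnly, Secure or SameSite and is therefore readable by script and sent over plain HTTP; it should be HttpOnly, Secure and SameSite=Lax (Strict would drop it on the top-level redirect back from the provider, breaking the check it exists to support). The value itself is the first eight characters of a Guid string, roughly 32 bits from a non-cryptographic source, whereas a state token should come from RandomNumberGenerator with at least 128 bits. The RemoteAuth side is otherwise sound, consuming the cookie before comparing and rejecting an empty value on either side, but the log message that invites operators to disable validation on a mismatch should not be the suggested remedy for what is the CSRF signal this commit introduces. Both methods continue outside the hunks, and the rewrite below assumes .NET 6 or later for RandomNumberGenerator.GetBytes (use RandomNumberGenerator.Fill on older targets) and needs `using System.Security.Cryptography;` at the top of the file.
```csharp
public IActionResult GetRemoteLoginLink()
{
    var remoteAuthConfig = _config.GetOpenIDConfig();
    // 128 bits from the CSPRNG, hex-encoded so it is safe in the query string without escaping
    var generatedState = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
    remoteAuthConfig.State = generatedState;
    if (remoteAuthConfig.ValidateState)
    {
        Response.Cookies.Append("OIDC_STATE", remoteAuthConfig.State, new CookieOptions
        {
            HttpOnly = true,
            Secure = true,
            SameSite = SameSiteMode.Lax, // Strict would not be sent on the cross-site callback redirect
            Expires = DateTimeOffset.UtcNow.AddMinutes(5)
        });
    }
    // … unchanged: build and return the remote auth URL …
```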


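--- a/(path not shown)
+++ b/(path not shown)
@@ -9,7 +9,8 @@
 public string TokenURL { get; set; }
 public string RedirectURL { get; set; }
 public string Scope { get; set; }
-public string State { get { return Guid.NewGuid().ToString().Substring(0, 8); } }
+public string State { get; set; }
+public bool ValidateState { get; set; } = false;
 public string RemoteAuthURL { get { return $"{AuthURL}?client_id={ClientId}&response_type=code&redirect_uri={RedirectURL}&scope={Scope}&state={State}"; } }
 }
 }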
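Review bot: `ValidateState` is initialised to `false`, which makes the anti-CSRF check on the authorization-code callback opt-in and leaves every existing deployment unprotected until an operator finds the flag; the OAuth 2.0 Security BCP treats state (or PKCE) as required for the code flow, so the safer default is `public bool ValidateState { get; set; } = true;`. Turning `State` into a settable property also makes the config object a per-request carrier: if `GetOpenIDConfig()` hands back a shared or cached instance rather than a new one (it is outside this diff, so this is an assumption to confirm), two concurrent login-link requests can overwrite each other's `State` before `RemoteAuthURL` reads it, and the value would be better passed to the URL builder explicitly than stored on the config. A short comment on the property, such as `// Per-request anti-CSRF value; must be set by GetRemoteLoginLink before RemoteAuthURL is read`, would at least make that coupling visible to the next maintainer.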