properly parse logout request

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Jörn Friedrich Dreyer
2023-04-12 17:43:59 +02:00
committed by Christian Richter
parent a98a880e7d
commit d2d7c49df4
2 changed files with 8 additions and 10 deletions
+4 -6
@@ -5,7 +5,6 @@ import (
"crypto/tls"
"errors"
"fmt"
"io"
"net/http"
"time"
@@ -207,16 +206,15 @@ func (h *StaticRouteHandler) handler() http.Handler {
return m
}
// handle backchannel logout requests as per https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRequest
func (h *StaticRouteHandler) backchannelLogout(w http.ResponseWriter, r *http.Request) {
defer r.Body.Close()
body, err := io.ReadAll(r.Body)
if err != nil {
// parse the application/x-www-form-urlencoded POST request
if err := r.ParseForm(); err != nil {
render.Status(r, http.StatusBadRequest)
return
}
logoutToken, err := h.oidcClient.VerifyLogoutToken(r.Context(), string(body))
logoutToken, err := h.oidcClient.VerifyLogoutToken(r.Context(), r.PostFormValue("logout_token"))
if err != nil {
render.Status(r, http.StatusBadRequest)
return
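Review bot: Both failure branches in `backchannelLogout` (after `r.ParseForm()` and after `VerifyLogoutToken`) only call `render.Status(r, http.StatusBadRequest)` and return. If `render` is go-chi/render (its import is not visible in this hunk), that call only records the code in the request context and writes nothing, so the caller would get an implicit 200 for a rejected logout token. Writing the status explicitly, e.g. `w.WriteHeader(http.StatusBadRequest)` before each `return`, would make the rejection visible to the OpenID provider. `ParseForm` also accepts a form body of up to 10 MB by default, so a tighter cap set before parsing, such as `r.Body = http.MaxBytesReader(w, r.Body, 1<<20)`, would suit an endpoint that presumably has no authentication other than the token. The function body continues past the end of the hunk, so the success path was not reviewed.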