author | 2022-07-28 16:43:27 +0200 | |
---|---|---|
committer | 2022-07-28 16:43:27 +0200 | |
commit | 8106b6985620956ce8cfa4126143a95ca87ea976 (patch) | |
tree | 8536e71042f3ec790c94fd91aa6c955984cf521e /internal/api/client/auth/callback.go | |
parent | [bugfix] Fix Toot CLI media attachments not working properly (#726) (diff) | |
download | gotosocial-8106b6985620956ce8cfa4126143a95ca87ea976.tar.xz |
[feature] add 'state' oauth2 param to /oauth/authorize (#730)
Diffstat (limited to 'internal/api/client/auth/callback.go')
-rw-r--r-- | internal/api/client/auth/callback.go | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/internal/api/client/auth/callback.go b/internal/api/client/auth/callback.go
index 34a4995c8..96a73a52f 100644
--- a/internal/api/client/auth/callback.go
+++ b/internal/api/client/auth/callback.go
@@ -45,26 +45,26 @@ func (m *Module) CallbackGETHandler(c *gin.Context) {
 // check the query vs session state parameter to mitigate csrf
 // https://auth0.com/docs/secure/attack-protection/state-parameters
- state := c.Query(callbackStateParam)
- if state == "" {
+ returnedInternalState := c.Query(callbackStateParam)
+ if returnedInternalState == "" {
 m.clearSession(s)
 err := fmt.Errorf("%s parameter not found on callback query", callbackStateParam)
 api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 return
 }
- savedStateI := s.Get(sessionState)
- savedState, ok := savedStateI.(string)
+ savedInternalStateI := s.Get(sessionInternalState)
+ savedInternalState, ok := savedInternalStateI.(string)
 if !ok {
 m.clearSession(s)
- err := fmt.Errorf("key %s was not found in session", sessionState)
+ err := fmt.Errorf("key %s was not found in session", sessionInternalState)
 api.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGet)
 return
 }
- if state != savedState {
+ if returnedInternalState != savedInternalState {
 m.clearSession(s)
- err := errors.New("mismatch between query state and session state")
+ err := errors.New("mismatch between callback state and saved state")
 api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet)
 return
 }
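Review bot: The comment at the top of the hunk still reads "check the query vs session state parameter to mitigate csrf", but with the rename to `returnedInternalState`/`sessionInternalState` (and the commit title adding a client-supplied OAuth2 `state` param) there are now two different "state" values in this flow, and the comment should say which one this check is about so a later change does not substitute the client's value. I would replace it with: `// The internal state is server-generated and bound to this login session; it is distinct from the client's OAuth2 "state" param (which presumably is only echoed back to the client's redirect_uri) and the client's value must not be used for this CSRF check.` The plain `!=` comparison is acceptable here because the expected value lives in the caller's own session rather than being an attacker-guessable secret. One thing the hunk does not show is whether the saved internal state is removed from the session after a successful match; if it is not, a single-use delete on the success path would be worth adding so a replayed callback URL cannot pass this check again. CallbackGETHandler continues past the end of the hunk, so that part of the function is not visible here.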