Fix for OIDC session checking

Change-Id: I5232062ea68cb30d203d2e8b63cc0ab9a7b2fc2b
Sebastian Marcet 2018-08-07 13:51:51 -03:00
parent a5ada7d3a6
commit bcd66970b7
4 changed files with 11 additions and 20 deletions


@ -226,12 +226,6 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
)
);
$this->principal_service->register
(
$auth_code->getUserId(),
$auth_code->getAuthTime()
);
//ensure that the authorization code was issued to the authenticated
//confidential client, or if the client is public, ensure that the
//code was issued to "client_id" in the request
@ -374,7 +368,7 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
throw new OAuth2GenericException("Invalid Auth Code");
}
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
$session_state = self::getSessionState
$session_state = $this->getSessionState
(
self::getOrigin
(
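Review bot: The first hunk drops the `principal_service->register($auth_code->getUserId(), $auth_code->getAuthTime())` call from the code-exchange path, but neither the title nor a comment says what now supplies the user id and auth time that call used to register. If anything downstream of this method reads them from `principal_service` (an ID-token `auth_time` claim would be the usual consumer), it now sees whatever an earlier step registered in this request, or nothing at all; please confirm the token-endpoint path no longer depends on the principal, or takes those values from `$auth_code` directly. A one-line why-comment at the removal site would spare the next reader the same question, for example `// no principal is registered here: the code exchange is a back-channel call with no browser session`, which is my reading of the intent and should be corrected if wrong. Both hunks are taken from method bodies that start and end outside what is shown.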


@ -168,7 +168,7 @@ class HybridGrantType extends InteractiveGrantType
);
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
$session_state = self::getSessionState
$session_state = $this->getSessionState
(
self::getOrigin
(
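Review bot: `getSessionState` is now invoked through `$this->` while `getOrigin` in the same argument list is still called as `self::getOrigin`; if `getOrigin` is likewise a non-static instance method, that is the same static-call-to-instance-method pattern this commit removes and should become `$this->getOrigin` too, and if it is genuinely static the mixed style deserves a short comment so the next maintainer does not "fix" it. I cannot see the declaration of `getOrigin` from here, so please check. The same shape appears at the equivalent call sites in AuthorizationCodeGrantType and ImplicitGrantType. The enclosing method starts and ends outside the hunk.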


@ -193,7 +193,7 @@ class ImplicitGrantType extends InteractiveGrantType
);
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
$session_state = self::getSessionState
$session_state = $this->getSessionState
(
self::getOrigin
(


@ -244,13 +244,6 @@ abstract class InteractiveGrantType extends AbstractGrantType
$approval_prompt = $request->getApprovalPrompt();
$user = $this->auth_service->getCurrentUser();
$this->principal_service->clear();
$this->principal_service->register
(
$user->getId(),
time()
);
// check if logged user its the same as login hint
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
@ -325,28 +318,32 @@ abstract class InteractiveGrantType extends AbstractGrantType
*/
public function getSessionState($origin, $client_id, $session_id)
{
$this->log_service->info(sprintf(
$this->log_service->debug_msg(sprintf(
"InteractiveGrantType::getSessionState origin %s client_id %s session_id %s",
$origin,
$client_id,
$session_id
));
// warning: mcrypt_create_iv deprecated on php 7.x
$salt = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
$message = "{$client_id}{$origin}{$session_id}{$salt}";
$this->log_service->info(sprintf(
$this->log_service->debug_msg(sprintf(
"InteractiveGrantType::getSessionState message %s",
$message
));
$hash = hash('sha256', $message);
$this->log_service->info(sprintf(
$this->log_service->debug_msg(sprintf(
"InteractiveGrantType::getSessionState hash %s",
$hash
));
$session_state = $hash. '.' . $salt;
$this->log_service->info(sprintf(
$this->log_service->debug_msg(sprintf(
"InteractiveGrantType::getSessionState session_state %s",
$session_state
));
return $session_state;
}