Fix for OIDC session checking
Change-Id: I5232062ea68cb30d203d2e8b63cc0ab9a7b2fc2b
parent
a5ada7d3a6
commit
bcd66970b7
|
@ -226,12 +226,6 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
$this->principal_service->register
|
|
||||||
(
|
|
||||||
$auth_code->getUserId(),
|
|
||||||
$auth_code->getAuthTime()
|
|
||||||
);
|
|
||||||
|
|
||||||
//ensure that the authorization code was issued to the authenticated
|
//ensure that the authorization code was issued to the authenticated
|
||||||
//confidential client, or if the client is public, ensure that the
|
//confidential client, or if the client is public, ensure that the
|
||||||
//code was issued to "client_id" in the request
|
//code was issued to "client_id" in the request
|
||||||
|
@ -374,7 +368,7 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
|
||||||
throw new OAuth2GenericException("Invalid Auth Code");
|
throw new OAuth2GenericException("Invalid Auth Code");
|
||||||
}
|
}
|
||||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||||
$session_state = self::getSessionState
|
$session_state = $this->getSessionState
|
||||||
(
|
(
|
||||||
self::getOrigin
|
self::getOrigin
|
||||||
(
|
(
|
||||||
|
|
|
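Review bot: The rewritten call now reads `$session_state = $this->getSessionState(self::getOrigin(`, which mixes an instance call and a `self::` call in one expression. The declaration of getOrigin is not part of this diff; if it is an instance method, write `$this->getOrigin(` so that both calls use the same form, and if it is genuinely static, leave it as it is. The same line appears in the HybridGrantType and ImplicitGrantType hunks. The call's argument list continues outside the hunk, so the rest of the expression could not be checked.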
@ -168,7 +168,7 @@ class HybridGrantType extends InteractiveGrantType
|
||||||
);
|
);
|
||||||
|
|
||||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||||
$session_state = self::getSessionState
|
$session_state = $this->getSessionState
|
||||||
(
|
(
|
||||||
self::getOrigin
|
self::getOrigin
|
||||||
(
|
(
|
||||||
|
|
|
@ -193,7 +193,7 @@ class ImplicitGrantType extends InteractiveGrantType
|
||||||
);
|
);
|
||||||
|
|
||||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||||
$session_state = self::getSessionState
|
$session_state = $this->getSessionState
|
||||||
(
|
(
|
||||||
self::getOrigin
|
self::getOrigin
|
||||||
(
|
(
|
||||||
|
|
|
@ -244,13 +244,6 @@ abstract class InteractiveGrantType extends AbstractGrantType
|
||||||
$approval_prompt = $request->getApprovalPrompt();
|
$approval_prompt = $request->getApprovalPrompt();
|
||||||
$user = $this->auth_service->getCurrentUser();
|
$user = $this->auth_service->getCurrentUser();
|
||||||
|
|
||||||
$this->principal_service->clear();
|
|
||||||
$this->principal_service->register
|
|
||||||
(
|
|
||||||
$user->getId(),
|
|
||||||
time()
|
|
||||||
);
|
|
||||||
|
|
||||||
// check if logged user its the same as login hint
|
// check if logged user its the same as login hint
|
||||||
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
||||||
|
|
||||||
|
@ -325,28 +318,32 @@ abstract class InteractiveGrantType extends AbstractGrantType
|
||||||
*/
|
*/
|
||||||
public function getSessionState($origin, $client_id, $session_id)
|
public function getSessionState($origin, $client_id, $session_id)
|
||||||
{
|
{
|
||||||
$this->log_service->info(sprintf(
|
|
||||||
|
$this->log_service->debug_msg(sprintf(
|
||||||
"InteractiveGrantType::getSessionState origin %s client_id %s session_id %s",
|
"InteractiveGrantType::getSessionState origin %s client_id %s session_id %s",
|
||||||
$origin,
|
$origin,
|
||||||
$client_id,
|
$client_id,
|
||||||
$session_id
|
$session_id
|
||||||
));
|
));
|
||||||
|
|
||||||
|
// warning: mcrypt_create_iv deprecated on php 7.x
|
||||||
$salt = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
|
$salt = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
|
||||||
$message = "{$client_id}{$origin}{$session_id}{$salt}";
|
$message = "{$client_id}{$origin}{$session_id}{$salt}";
|
||||||
$this->log_service->info(sprintf(
|
$this->log_service->debug_msg(sprintf(
|
||||||
"InteractiveGrantType::getSessionState message %s",
|
"InteractiveGrantType::getSessionState message %s",
|
||||||
$message
|
$message
|
||||||
));
|
));
|
||||||
$hash = hash('sha256', $message);
|
$hash = hash('sha256', $message);
|
||||||
$this->log_service->info(sprintf(
|
$this->log_service->debug_msg(sprintf(
|
||||||
"InteractiveGrantType::getSessionState hash %s",
|
"InteractiveGrantType::getSessionState hash %s",
|
||||||
$hash
|
$hash
|
||||||
));
|
));
|
||||||
$session_state = $hash. '.' . $salt;
|
$session_state = $hash. '.' . $salt;
|
||||||
$this->log_service->info(sprintf(
|
$this->log_service->debug_msg(sprintf(
|
||||||
"InteractiveGrantType::getSessionState session_state %s",
|
"InteractiveGrantType::getSessionState session_state %s",
|
||||||
$session_state
|
$session_state
|
||||||
));
|
));
|
||||||
|
|
||||||
return $session_state;
|
return $session_state;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
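Review bot: getSessionState still writes the raw `$session_id`, the full salted `$message` and the resulting `session_state` to the log. Switching from `info` to `debug_msg` only lowers the level, so anyone who can read debug logs can still recover the value the session check depends on, which matters most if `$session_id` is the live session identifier. Drop `$session_id` and `$message` from the logged arguments, or log a truncated digest such as `substr(hash('sha256', $session_id), 0, 8)`. The added comment flags `mcrypt_create_iv` as deprecated but keeps the call; where the deployment target is PHP 7 or later, `$salt = bin2hex(random_bytes(16));` is the direct replacement.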