bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

Update SSO component to parse state for comparison (#210)

Browse Source 
* Update sso component to parse state for comparison

* No more truthy or dare

* fix lint errors for ===
This commit is contained in:
Chad Scharf
2020-11-23 16:12:28 -05:00
committed by GitHub
parent 0a73b6fca8
commit ea6fd5ac38
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/angular/components/sso.component.ts
View File

@@ -51,8 +51,8 @@ export class SsoComponent {
const state = await this.storageService.get<string>(ConstantsService.ssoStateKey); const state = await this.storageService.get<string>(ConstantsService.ssoStateKey);
await this.storageService.remove(ConstantsService.ssoCodeVerifierKey); await this.storageService.remove(ConstantsService.ssoCodeVerifierKey);
await this.storageService.remove(ConstantsService.ssoStateKey); await this.storageService.remove(ConstantsService.ssoStateKey);
if (qParams.code != null && codeVerifier != null && state != null && state === qParams.state) { if (qParams.code != null && codeVerifier != null && state != null && this.checkState(state, qParams.state)) {
await this.logIn(qParams.code, codeVerifier, this.getOrgIdentiferFromState(state)); await this.logIn(qParams.code, codeVerifier, this.getOrgIdentiferFromState(qParams.state));
} }
} else if (qParams.clientId != null && qParams.redirectUri != null && qParams.state != null && } else if (qParams.clientId != null && qParams.redirectUri != null && qParams.state != null &&
qParams.codeChallenge != null) { qParams.codeChallenge != null) {
@@ -177,11 +177,24 @@ export class SsoComponent {
} }
private getOrgIdentiferFromState(state: string): string { private getOrgIdentiferFromState(state: string): string {
if (!state) { if (state === null || state === undefined) {
return null; return null;
} }
const stateSplit = state.split('_identifier='); const stateSplit = state.split('_identifier=');
return stateSplit.length > 1 ? stateSplit[1] : null; return stateSplit.length > 1 ? stateSplit[1] : null;
} }
private checkState(state: string, checkState: string): boolean {
if (state === null || state === undefined) {
return false;
}
if (checkState === null || checkState === undefined) {
return false;
}
const stateSplit = state.split('_identifier=');
const checkStateSplit = checkState.split('_identifier=');
return stateSplit[0] === checkStateSplit[0];
}
} }