agw/overleaf-cep
1
0
Fork 0
mirror of https://github.com/yu-i-i/overleaf-cep.git synced 2026-06-01 21:31:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state

Browse Source 
Use 'state' parameter to prefent CSRF attacks when authenticating with v1

GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
This commit is contained in:
Simon Detheridge
2019-02-11 11:23:53 +00:00
committed by sharelatex
parent ea807d053e
commit c7f30bdfec
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
View File

@@ -75,6 +75,7 @@ module.exports = AuthenticationController =
)(req, res, next)
finishLogin: (user, req, res, next) ->
return res.redirect('/login') if user == false # OAuth2 'state' mismatch
redir = AuthenticationController._getRedirectFromSession(req) || "/project"
AuthenticationController._loginAsyncHandlers(req, user)
AuthenticationController.afterLoginSessionSetup req, user, (err) ->