Fix for OIDC session checking
Change-Id: I5232062ea68cb30d203d2e8b63cc0ab9a7b2fc2b
parent
a5ada7d3a6
commit
bcd66970b7
|
@ -226,12 +226,6 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
|
|||
)
|
||||
);
|
||||
|
||||
$this->principal_service->register
|
||||
(
|
||||
$auth_code->getUserId(),
|
||||
$auth_code->getAuthTime()
|
||||
);
|
||||
|
||||
//ensure that the authorization code was issued to the authenticated
|
||||
//confidential client, or if the client is public, ensure that the
|
||||
//code was issued to "client_id" in the request
|
||||
|
@ -374,7 +368,7 @@ class AuthorizationCodeGrantType extends InteractiveGrantType
|
|||
throw new OAuth2GenericException("Invalid Auth Code");
|
||||
}
|
||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||
$session_state = self::getSessionState
|
||||
$session_state = $this->getSessionState
|
||||
(
|
||||
self::getOrigin
|
||||
(
|
||||
|
|
|
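Review bot: Nothing in the visible hunks replaces the `$this->principal_service->register(...)` call removed at the top of this file section. The same commit also drops the `clear()`/`register()` pair in InteractiveGrantType (the hunk at -244), so the diff does not show where the principal's user id and auth time are recorded now. If ID token `auth_time` or the session check still read from the principal service on this path, they may see stale or empty state; that is inferred, since the consumers are outside the hunks. Please confirm registration now happens elsewhere and leave a marker where the call was, e.g. `// principal registration moved out of the grant types; see <location where it now happens>`. The enclosing method starts and ends outside both hunks.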
@ -168,7 +168,7 @@ class HybridGrantType extends InteractiveGrantType
|
|||
);
|
||||
|
||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||
$session_state = self::getSessionState
|
||||
$session_state = $this->getSessionState
|
||||
(
|
||||
self::getOrigin
|
||||
(
|
||||
|
|
|
@ -193,7 +193,7 @@ class ImplicitGrantType extends InteractiveGrantType
|
|||
);
|
||||
|
||||
// http://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
|
||||
$session_state = self::getSessionState
|
||||
$session_state = $this->getSessionState
|
||||
(
|
||||
self::getOrigin
|
||||
(
|
||||
|
|
|
@ -244,13 +244,6 @@ abstract class InteractiveGrantType extends AbstractGrantType
|
|||
$approval_prompt = $request->getApprovalPrompt();
|
||||
$user = $this->auth_service->getCurrentUser();
|
||||
|
||||
$this->principal_service->clear();
|
||||
$this->principal_service->register
|
||||
(
|
||||
$user->getId(),
|
||||
time()
|
||||
);
|
||||
|
||||
// check if logged user its the same as login hint
|
||||
$requested_user_id = $this->security_context_service->get()->getRequestedUserId();
|
||||
|
||||
|
@ -325,28 +318,32 @@ abstract class InteractiveGrantType extends AbstractGrantType
|
|||
*/
|
||||
public function getSessionState($origin, $client_id, $session_id)
|
||||
{
|
||||
$this->log_service->info(sprintf(
|
||||
|
||||
$this->log_service->debug_msg(sprintf(
|
||||
"InteractiveGrantType::getSessionState origin %s client_id %s session_id %s",
|
||||
$origin,
|
||||
$client_id,
|
||||
$session_id
|
||||
));
|
||||
|
||||
// warning: mcrypt_create_iv deprecated on php 7.x
|
||||
$salt = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
|
||||
$message = "{$client_id}{$origin}{$session_id}{$salt}";
|
||||
$this->log_service->info(sprintf(
|
||||
$this->log_service->debug_msg(sprintf(
|
||||
"InteractiveGrantType::getSessionState message %s",
|
||||
$message
|
||||
));
|
||||
$hash = hash('sha256', $message);
|
||||
$this->log_service->info(sprintf(
|
||||
$this->log_service->debug_msg(sprintf(
|
||||
"InteractiveGrantType::getSessionState hash %s",
|
||||
$hash
|
||||
));
|
||||
$session_state = $hash. '.' . $salt;
|
||||
$this->log_service->info(sprintf(
|
||||
$this->log_service->debug_msg(sprintf(
|
||||
"InteractiveGrantType::getSessionState session_state %s",
|
||||
$session_state
|
||||
));
|
||||
|
||||
return $session_state;
|
||||
}
|
||||
|
||||
|
|
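Review bot: The log calls in `getSessionState` still write `$session_id`, the full `$message` (client id, origin, session id and salt) and the final `session_state`. Moving them from `info` to `debug_msg` only lowers the level, so anyone with read access to debug logs can still recover the value that session_state is derived from. I would remove `$session_id` from the first call and delete the `$message` log entirely, keeping at most `"InteractiveGrantType::getSessionState origin %s client_id %s"`. The comment on the salt line already flags `mcrypt_create_iv` as deprecated; on PHP 7 or later `$salt = bin2hex(random_bytes(16));` is the direct replacement. The fields in `$message` are also concatenated without a delimiter, which makes the hashed input ambiguous across different field splits; adding one is only safe if whatever recomputes the hash for the session check is changed to match.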