fix(model): potential panic (#3538)

This fixes a potential panic in the conversion from a fosite.Requester to an *OAuth2Session object.
This commit is contained in:
James Elliott 2022-06-17 22:25:14 +10:00 committed by GitHub
parent 25b5c1ee2e
commit d9c7cd6564
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 10 deletions

View File

@ -44,6 +44,8 @@ func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter
} }
} }
ctx.Logger.Tracef("Access Request with id '%s' on client with id '%s' response is being generated for session with type '%T'", requester.GetID(), client.GetID(), requester.GetSession())
if responder, err = ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, requester); err != nil { if responder, err = ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, requester); err != nil {
rfc := fosite.ErrorToRFC6749Error(err) rfc := fosite.ErrorToRFC6749Error(err)

View File

@ -4,7 +4,6 @@ import (
"context" "context"
"crypto/sha256" "crypto/sha256"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"net/url" "net/url"
"time" "time"
@ -40,23 +39,27 @@ func NewOAuth2ConsentSession(subject NullUUID, r fosite.Requester) (consent *OAu
func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error) { func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error) {
var ( var (
subject string subject string
openidSession *OpenIDSession sessionOpenID *OpenIDSession
sessData []byte sessionData []byte
) )
openidSession = r.GetSession().(*OpenIDSession) s := r.GetSession()
if openidSession == nil {
return nil, errors.New("unexpected session type") switch t := s.(type) {
case *OpenIDSession:
sessionOpenID = t
default:
return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
} }
subject = openidSession.GetSubject() subject = sessionOpenID.GetSubject()
if sessData, err = json.Marshal(openidSession); err != nil { if sessionData, err = json.Marshal(sessionOpenID); err != nil {
return nil, err return nil, err
} }
return &OAuth2Session{ return &OAuth2Session{
ChallengeID: openidSession.ChallengeID, ChallengeID: sessionOpenID.ChallengeID,
RequestID: r.GetID(), RequestID: r.GetID(),
ClientID: r.GetClient().GetID(), ClientID: r.GetClient().GetID(),
Signature: signature, Signature: signature,
@ -69,7 +72,7 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session
Active: true, Active: true,
Revoked: false, Revoked: false,
Form: r.GetRequestForm().Encode(), Form: r.GetRequestForm().Encode(),
Session: sessData, Session: sessionData,
}, nil }, nil
} }