github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state

Browse source 
Use 'state' parameter to prefent CSRF attacks when authenticating with v1

GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
This commit is contained in:
Simon Detheridge 2019-02-11 11:23:53 +00:00 committed by sharelatex
parent ea807d053e
commit c7f30bdfec
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
View file

@ -75,6 +75,7 @@ module.exports = AuthenticationController =
)(req, res, next)
finishLogin: (user, req, res, next) ->
return res.redirect('/login') if user == false # OAuth2 'state' mismatch
redir = AuthenticationController._getRedirectFromSession(req) || "/project"
AuthenticationController._loginAsyncHandlers(req, user)
AuthenticationController.afterLoginSessionSetup req, user, (err) ->