mirror of
https://github.com/overleaf/overleaf.git
synced 2024-12-03 13:53:37 -05:00
Merge pull request #1494 from sharelatex/spd-overleaf-v1-oauth-state
Use 'state' parameter to prefent CSRF attacks when authenticating with v1 GitOrigin-RevId: bf5f8ddffa391d8f3ca84d3588df906b08eb018d
This commit is contained in:
parent
ea807d053e
commit
c7f30bdfec
1 changed files with 1 additions and 0 deletions
|
@ -75,6 +75,7 @@ module.exports = AuthenticationController =
|
|||
)(req, res, next)
|
||||
|
||||
finishLogin: (user, req, res, next) ->
|
||||
return res.redirect('/login') if user == false # OAuth2 'state' mismatch
|
||||
redir = AuthenticationController._getRedirectFromSession(req) || "/project"
|
||||
AuthenticationController._loginAsyncHandlers(req, user)
|
||||
AuthenticationController.afterLoginSessionSetup req, user, (err) ->
|
||||
|
|
Loading…
Reference in a new issue