Prevent reuse of authorization code (#184)

Clément Oudot 2015-01-28 16:53:06 +00:00
parent 8082b48b97
commit 0be124d3d7


@ -88,6 +88,7 @@ sub issuerForUnAuthUser {
"error" "error"
); );
$self->returnJSONError("invalid_request"); $self->returnJSONError("invalid_request");
$codeSession->remove();
$self->quit; $self->quit;
} }
@ -100,6 +101,7 @@ sub issuerForUnAuthUser {
"Unable to find user session linked to OIDC session $code", "Unable to find user session linked to OIDC session $code",
"error" ); "error" );
$self->returnJSONError("invalid_request"); $self->returnJSONError("invalid_request");
$codeSession->remove();
$self->quit; $self->quit;
} }
@ -114,6 +116,7 @@ sub issuerForUnAuthUser {
$self->lmLog( "Unable to create OIDC session for access_token", $self->lmLog( "Unable to create OIDC session for access_token",
"error" ); "error" );
$self->returnJSONError("invalid_request"); $self->returnJSONError("invalid_request");
$codeSession->remove();
$self->quit; $self->quit;
} }
@ -171,6 +174,7 @@ sub issuerForUnAuthUser {
$self->lmLog( "Token response sent", 'debug' ); $self->lmLog( "Token response sent", 'debug' );
$codeSession->remove();
$self->quit; $self->quit;
} }
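Review bot: In the last hunk the code session is deleted only after "Token response sent" is logged, and the result of `$codeSession->remove()` is not checked there or in the three error branches, so the code appears to stay redeemable if the process stops while writing the response or if the deletion fails. Consuming the code first would close that window: call `$codeSession->remove();` before the access-token session is created and before `$self->returnJSONError("invalid_request");`, and refuse the request if removal can report failure and does. Two concurrent token requests presenting the same code can presumably still both load the session before either removes it. RFC 6749 section 4.1.2 also recommends revoking tokens already issued from a code that is presented a second time, which this change does not attempt. A comment such as `# Authorization codes are single-use: the code session is deleted on every exit path` would record the intent; issuerForUnAuthUser's body starts and continues outside these hunks.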