Check sub of UserInfo JSON (references #183)
parent
bb69d7c255
commit
3c3cc39d0c
@ -39,6 +39,12 @@ sub getUser {
|
|||||||
$self->{tmp}->{OpenIDConnect_user_info} =
|
$self->{tmp}->{OpenIDConnect_user_info} =
|
||||||
$self->decodeJSON($userinfo_content);
|
$self->decodeJSON($userinfo_content);
|
||||||
|
|
||||||
|
# Check that received sub is the same than current user
|
||||||
|
unless ( $self->{tmp}->{OpenIDConnect_user_info}->{sub} eq $self->{user} ) {
|
||||||
|
$self->lmLog( "Received sub do not match current user", 'error' );
|
||||||
|
return PE_BADCREDENTIALS;
|
||||||
|
}
|
||||||
|
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
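Review bot: The added `unless` compares `->{sub}` with `$self->{user}` using `eq` without checking that either side is defined, so a UserInfo response with no `sub` (or a `decodeJSON` result that is not the expected hash) is compared as an empty string and would pass if `$self->{user}` is also empty at this point. I would guard it with `my $sub = $self->{tmp}->{OpenIDConnect_user_info}->{sub};` followed by `unless ( defined $sub and defined $self->{user} and $sub eq $self->{user} ) {`. The mismatched claims also stay in `$self->{tmp}->{OpenIDConnect_user_info}` when `PE_BADCREDENTIALS` is returned; adding `delete $self->{tmp}->{OpenIDConnect_user_info};` before the return keeps later code from reading them. Where `$self->{user}` is set is not visible here, since `getUser` starts above the hunk, so it is worth confirming that it holds the `sub` from the ID Token.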