matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-20 12:02:22 +03:00
Code Activity

Pass time and RNG in CSRF verification methods

Browse Source
This commit is contained in:
Quentin Gliech
2022-10-24 14:12:07 +02:00
parent f0d95a7613
commit b7c50b5403
26 changed files with 143 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
crates/handlers/src/oauth2/consent.rs
View File

@@ -57,6 +57,7 @@ pub(crate) async fn get(
cookie_jar: PrivateCookieJar<Encrypter>,
Path(grant_id): Path<Ulid>,
) -> Result<Response, RouteError> {
let (clock, mut rng) = crate::rng_and_clock()?;
let mut conn = pool
.acquire()
.await
@@ -76,7 +77,7 @@ pub(crate) async fn get(
}
if let Some(session) = maybe_session {
let (csrf_token, cookie_jar) = cookie_jar.csrf_token();
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(clock.now(), &mut rng);
let mut policy = policy_factory.instantiate().await?;
let res = policy
@@ -126,7 +127,7 @@ pub(crate) async fn post(
.context("failed to begin db transaction")?;
cookie_jar
.verify_form(form)
.verify_form(clock.now(), form)
.context("csrf verification failed")?;
let (session_info, cookie_jar) = cookie_jar.session_info();