
check sso whitelist in more places
Signed-off-by: Ben Berry <[email protected]>
bengerman13 authored and richard-cox committed May 29, 2020
1 parent 4d33c4d commit 839cc2f
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions src/jetstream/authuaa.go
Expand Up @@ -466,6 +466,14 @@ func (p *portalProxy) ssoLoginToUAA(c echo.Context) error {
state = fmt.Sprintf("%s/login?SSO_Message=%s", state, url.QueryEscape(msg))
}

if !safeSSORedirectState(state, p.Config.SSOWhiteList) {
err := interfaces.NewHTTPShadowError(
http.StatusUnauthorized,
"SSO Login: Disallowed redirect state",
"SSO Login: Disallowed redirect state")
return err
}

return c.Redirect(http.StatusTemporaryRedirect, state)
}
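Review bot: The new `if !safeSSORedirectState(state, p.Config.SSOWhiteList)` guard runs on `state` after the preceding line has already appended `/login?SSO_Message=...` to it, so the helper validates a derived URL rather than the value the caller supplied; whether that still matches depends on how `safeSSORedirectState` compares (exact string, prefix, or parsed origin), which is not visible in this hunk. Consider validating `state` before it is rewritten, or confirming the helper compares the parsed scheme and host rather than a string prefix, since prefix matching would accept `https://allowed.example.evil` for an entry of `https://allowed.example`. Returning `http.StatusUnauthorized` for a disallowed redirect target is also misleading — the request is malformed/disallowed rather than unauthenticated, so `http.StatusBadRequest` fits better, and logging the rejected value with `%q` in the shadow (log-side) message while keeping the user-facing text generic would help triage without echoing attacker input back. `ssoLoginToUAA` begins outside the hunk.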
