config: allow blank identity providers when loading sessions for service account support (#3709)

This commit is contained in:
Caleb Doxsey 2022-10-27 08:32:06 -06:00 committed by GitHub
parent 1b596115e9
commit 6a9d6e45e1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 25 additions and 7 deletions

View file

@ -69,14 +69,16 @@ func (store *SessionStore) LoadSessionState(r *http.Request) (*sessions.State, e
}
// confirm that the identity provider id matches the state
idp, err := store.options.GetIdentityProviderForRequestURL(urlutil.GetAbsoluteURL(r).String())
if err != nil {
return nil, err
}
if state.IdentityProviderID != "" {
idp, err := store.options.GetIdentityProviderForRequestURL(urlutil.GetAbsoluteURL(r).String())
if err != nil {
return nil, err
}
if idp.GetId() != state.IdentityProviderID {
return nil, fmt.Errorf("unexpected session state identity provider id: %s != %s",
idp.GetId(), state.IdentityProviderID)
if idp.GetId() != state.IdentityProviderID {
return nil, fmt.Errorf("unexpected session state identity provider id: %s != %s",
idp.GetId(), state.IdentityProviderID)
}
}
return &state, nil