core/authenticate: validate the identity profile (#4545)

Caleb Doxsey 2023-09-15 14:16:28 -06:00 committed by GitHub
parent 723bd91e4b
commit e5a7b994b6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 1 deletions


@ -143,7 +143,7 @@ func (a *Authenticate) VerifySession(next http.Handler) http.Handler {
return a.reauthenticateOrFail(w, r, err)
}
_, err = a.loadIdentityProfile(r, state.cookieCipher)
profile, err := a.loadIdentityProfile(r, state.cookieCipher)
if err != nil {
log.FromRequest(r).Info().
Err(err).
@ -152,6 +152,15 @@ func (a *Authenticate) VerifySession(next http.Handler) http.Handler {
return a.reauthenticateOrFail(w, r, err)
}
err = a.validateIdentityProfile(ctx, profile)
if err != nil {
log.FromRequest(r).Info().
Err(err).
Str("idp_id", idpID).
Msg("authenticate: invalid identity profile")
return a.reauthenticateOrFail(w, r, err)
}
next.ServeHTTP(w, r.WithContext(ctx))
return nil
})
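Review bot: The new `validateIdentityProfile` branch ahead of `next.ServeHTTP` routes every error to `reauthenticateOrFail` under the single message "authenticate: invalid identity profile", so a profile that was genuinely rejected and a check that could not be completed look the same in the logs. `validateIdentityProfile` is defined outside this hunk; if it can fail for reasons other than a bad profile (an assumption, since its body is not visible here), a sentinel error tested with `errors.Is` would let only real rejections carry this message and let the rest be logged at a higher level. Failing closed in both cases is the right default, and the distinction mainly helps detection and triage. A one-line comment above the call, such as `// a successfully loaded profile is not trusted until it has been validated`, would record why the load alone is not enough. The body of `VerifySession` begins before the first hunk, so where `ctx` and `idpID` come from is not visible here.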