Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Increase detail of state token errors

Browse Source 
Before: a missing state error could be returned for 3 reasons: a token was not provided, the token provided was invalid, or the token provided had expired.

There was no way of knowing which of these was the cause of any single missing state error.

Now: if no token is provided, a missing state error is returned, and the "openid-connect-generic-no-state-provided" action is called.

If the token provided is invalid, an "Invalid state" error is thrown and the "openid-connect-generic-state-not-found" action is called.

If the token provided has expired, an "Invalid state" error is returned and the "openid-connect-generic-state-expired" action is called.

This should allow for more granular error logging around state token errors.
isekai
Rob Skilling 5 years ago
parent 43badcc569
commit 836500a495
1 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File

27
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -83,14 +83,19 @@ class OpenID_Connect_Generic_Client {
return new WP_Error( 'no-code', 'No authentication code present in the request.', $request );
}
// check the client request state
if ( ! isset( $request['state'] ) || ! $this->check_state( $request['state'] ) ){
// check the client request state
if( ! isset( $request['state']) ) {
do_action( 'openid-connect-generic-no-state-provided' );
return new WP_Error( 'missing-state', __( 'Missing state.' ), $request );
}
if ( ! $this->check_state( $request['state'] ) ) {
return new WP_Error( 'invalid-state', __( 'Invalid state.' ), $request );
}
return $request;
}
/**
* Get the authorization code from the request
*
@ -257,18 +262,30 @@ class OpenID_Connect_Generic_Client {
* Check the existence of a given state transient.
*
* @param $state
*
*
* @return bool
*/
function check_state( $state ) {
$state_found = true;
if ( ! get_option( '_transient_openid-connect-generic-state--' . $state ) ) {
do_action( 'openid-connect-generic-state-not-found', $state );
$state_found = false;
}
$valid = get_transient( 'openid-connect-generic-state--' . $state );
if ( ! $valid && $state_found ) {
do_action( 'openid-connect-generic-state-expired', $state );
}
return !!$valid;
}
/**
* Ensure that the token meets basic requirements
*
*
* @param $token_response
*
* @return bool|\WP_Error

Write Preview
Loading…
Cancel
Save