Increase detail of state token errors

Before: a missing state error could be returned for 3 reasons: a token was not provided, the token provided was invalid, or the token provided had expired.

There was no way of knowing which of these was the cause of any single missing state error.

Now: if no token is provided, a missing state error is returned, and the "openid-connect-generic-no-state-provided" action is called.

If the token provided is invalid, an "Invalid state" error is returned and the "openid-connect-generic-state-not-found" action is called.

If the token provided has expired, an "Invalid state" error is returned and the "openid-connect-generic-state-expired" action is called.

This should allow for more granular error logging around state token errors.
Rob Skilling 5 years ago
parent 43badcc569
commit 836500a495

@ -83,14 +83,19 @@ class OpenID_Connect_Generic_Client {
return new WP_Error( 'no-code', 'No authentication code present in the request.', $request );
}
// check the client request state
if ( ! isset( $request['state'] ) || ! $this->check_state( $request['state'] ) ){
// check the client request state
if( ! isset( $request['state']) ) {
do_action( 'openid-connect-generic-no-state-provided' );
return new WP_Error( 'missing-state', __( 'Missing state.' ), $request );
}
if ( ! $this->check_state( $request['state'] ) ) {
return new WP_Error( 'invalid-state', __( 'Invalid state.' ), $request );
}
return $request;
}
/**
* Get the authorization code from the request
*
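Review bot: The `__( 'Missing state.' )` and `__( 'Invalid state.' )` calls on the new `missing-state` and `invalid-state` returns pass no text domain, so WordPress looks the strings up in the core domain and the plugin's own translations never apply; pass the plugin's text domain as the second argument, e.g. `__( 'Missing state.', '<plugin-text-domain>' )`. The new `if( ! isset( $request['state']) ) {` also departs from the WordPress spacing used on the surrounding lines; `if ( ! isset( $request['state'] ) ) {` matches them. Both new returns attach the whole `$request` (which also carries the authorization code from the `no-code` check above) as the error's data, so any logging added on the back of this commit's more granular errors will log the code along with the state — worth confirming that is intended. The enclosing method starts before the hunk.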
@ -257,18 +262,30 @@ class OpenID_Connect_Generic_Client {
* Check the existence of a given state transient.
*
* @param $state
*
*
* @return bool
*/
function check_state( $state ) {
$state_found = true;
if ( ! get_option( '_transient_openid-connect-generic-state--' . $state ) ) {
do_action( 'openid-connect-generic-state-not-found', $state );
$state_found = false;
}
$valid = get_transient( 'openid-connect-generic-state--' . $state );
if ( ! $valid && $state_found ) {
do_action( 'openid-connect-generic-state-expired', $state );
}
return !!$valid;
}
/**
* Ensure that the token meets basic requirements
*
*
* @param $token_response
*
* @return bool|\WP_Error
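Review bot: The `get_option( '_transient_openid-connect-generic-state--' . $state )` lookup that decides between the `state-not-found` and `state-expired` actions reads the options table directly, but when a site runs an external object cache WordPress keeps transients in that cache rather than in `wp_options`, so on such sites the option is never present and every bad state is reported as not-found even when it merely expired. If the distinction is meant to be best-effort, say so in the docblock, e.g. `Distinguishes a never-issued state from an expired one by peeking at the backing _transient_ option; with an external object cache only the not-found action fires.`, and replace the bare `@param $state` with `@param string $state The state value taken from the callback request.` plus a line naming the two actions fired as side effects. The duplicated empty ` *` lines in this docblock (and in the `Ensure that the token meets basic requirements` block at the end of the hunk) can be collapsed to one. Whether `check_state()` also deletes the transient so a state cannot be presented twice is not visible in this hunk; if nothing else does, that single-use step belongs here.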
