oauth: raise error if session state is missing

ref #9476

oauth: raise error if session state is missing
ref #9476
88f55b01 · bergquist · 0848ba2e · 88f55b01
Commit 88f55b01 authored Oct 12, 2017 by bergquist
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 2 deletions

pkg/api/login_oauth.go
+6 -2

No files found.
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@@ -71,8 +71,12 @@ func OAuthLogin(ctx *middleware.Context) {
 		return
 	}

-	// verify state string
-	savedState := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
+	savedState, ok := ctx.Session.Get(middleware.SESS_KEY_OAUTH_STATE).(string)
+	if !ok {
+		ctx.Handle(500, "login.OAuthLogin(missing saved state)", nil)
+		return
+	}
+
 	queryState := ctx.Query("state")
 	if savedState != queryState {
 		ctx.Handle(500, "login.OAuthLogin(state mismatch)", nil)