
SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption.

Luke Taylor 14 ani în urmă
89fa771093

+ 5 - 0
openid/src/main/java/org/springframework/security/openid/OpenID4JavaConsumer.java

@@ -144,6 +144,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
 
         // retrieve the previously stored discovery information
         DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
+
+        if (discovered == null) {
+            throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
+        }
+
         List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
 
         request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
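Review bot: The new null check throws before the session cleanup that follows it, so when DiscoveryInformation is absent, any ATTRIBUTE_LIST_KEY value still stored in the session is left behind rather than being cleared with the rest of the one-time consumption state (its removal is presumably further down, outside this hunk). Since the message itself names a replayed response as a cause, it would be safer to drop the remaining attributes before throwing, e.g. `request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);` immediately before the `throw`, so a second request cannot observe stale state. A short comment on the check would also help future readers, such as `// the discovery info is removed once consumed, so a missing value means an expired session or a reused response`. endConsumption begins before and continues after this hunk.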

+ 5 - 0
openid/src/test/java/org/springframework/security/openid/OpenID4JavaConsumerTests.java

@@ -189,6 +189,11 @@ public class OpenID4JavaConsumerTests {
         consumer.fetchAxAttributes(msg, attributes);
     }
 
+    @Test(expected=OpenIDConsumerException.class)
+    public void missingDiscoveryInformationThrowsException() throws Exception {
+        OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
+        consumer.endConsumption(new MockHttpServletRequest());
+    }
 
     @SuppressWarnings("deprecation")
     @Test