liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: optional oauth2 module nonce toggle

Browse Source
This commit is contained in:
NGPixel
2023-01-29 17:14:34 -05:00
parent 12233c476d
commit 5f876ced20
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/modules/authentication/oauth2/authentication.js
View File

@@ -19,7 +19,7 @@ module.exports = {
callbackURL: conf.callbackURL, callbackURL: conf.callbackURL,
passReqToCallback: true, passReqToCallback: true,
scope: conf.scope, scope: conf.scope,
state: true state: conf.enableCSRFProtection
}, async (req, accessToken, refreshToken, profile, cb) => { }, async (req, accessToken, refreshToken, profile, cb) => {
try { try {
const user = await WIKI.models.users.processProfile({ const user = await WIKI.models.users.processProfile({

6
server/modules/authentication/oauth2/definition.yml
View File

@@ -70,3 +70,9 @@ props:
title: Pass access token via GET query string to User Info Endpoint title: Pass access token via GET query string to User Info Endpoint
hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header. hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header.
order: 11 order: 11
enableCSRFProtection:
type: Boolean
default: true
title: Enable CSRF protection
hint: Pass a nonce state parameter during authentication to protect against CSRF attacks.
order: 12