bdb2fdb8f5
This commit fixes the JS callback defined in the check-session iframe, which could produce an infinite callback loop when the received message does not come from the relying party. In that case another message is posted back to the source of the message (which can be the OP iframe itself), so "error" messages are continuously generated by the callback function and the loop never ends.
{% load staticfiles %}
<html lang="en">
<head>
<meta charset="utf-8">
<title>OP Iframe</title>
<script src="{% static 'oidc_provider/js/sha256.min.js' %}"></script>
<script language="JavaScript" type="text/javascript">
// Every postMessage() this OP iframe receives is handed to receiveMessage,
// which validates the sender's session_state and answers the sender.
window.addEventListener('message', receiveMessage);
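/**
 * OP-side half of OpenID Connect Session Management (OP iframe).
 *
 * Expects a postMessage whose data is the string
 * "<client_id> <session_state>", where session_state is "<hash>.<salt>".
 * Recomputes the hash from the client_id, the sender's origin (e.origin),
 * the op_browser_state cookie and the salt, and answers the sender with
 * exactly one of the strings "unchanged", "changed" or "error".
 *
 * The reply is addressed to e.origin only, so a frame at another origin
 * cannot read it. Because e.origin is also part of the hashed input, a
 * message from a foreign origin can only ever be told about that origin's
 * own session state, never about the real relying party's.
 *
 * Messages whose whole payload is one of our own reply strings are
 * dropped without an answer: replying to them lets two OP iframes (or
 * this iframe and its own window) bounce "error" replies forever.
 *
 * Malformed requests (wrong token count, missing salt) are answered with
 * "error" rather than "changed", so the relying party does not start a
 * needless re-authentication because of a syntax problem.
 *
 * NOTE(review): the spec also asks the OP iframe to accept messages only
 * from its parent frame's origin; that check is not done here and the
 * origin binding in the hash is relied on instead — confirm whether a
 * parent-origin check is wanted.
 *
 * @param {MessageEvent} e - incoming message; only e.data, e.origin and
 *   e.source are read.
 */
function receiveMessage(e) {
    // Only non-empty string payloads can be session-state checks.
    if (!e || typeof e.data !== 'string' || e.data === '') {
        return;
    }
    // Never react to our own status replies, whoever echoes them back
    // (including ourselves) -- this is the infinite-loop guard.
    if (e.data === 'error' || e.data === 'changed' || e.data === 'unchanged') {
        return;
    }
    // Without a window to answer there is nothing to do (e.source can be
    // null, e.g. when the sending window has already gone away).
    if (!e.source || typeof e.source.postMessage !== 'function') {
        return;
    }

    var status;
    try {
        // Spec message syntax is exactly "client_id session_state";
        // anything else is a malformed request and gets "error".
        var parts = e.data.split(' ');
        if (parts.length !== 2 || parts[0] === '' || parts[1] === '') {
            throw new Error('malformed session check message');
        }
        var clientId = parts[0];
        var sessionState = parts[1];

        // session_state is "<hash>.<salt>"; the salt is needed to
        // recompute the hash, so a missing salt is malformed, not "changed".
        var stateParts = sessionState.split('.');
        if (stateParts.length !== 2 || stateParts[1] === '') {
            throw new Error('malformed session_state');
        }
        var salt = stateParts[1];

        // Throws when the op_browser_state cookie is absent.
        var browserState = getOpBrowserState();

        // Same formula the OP used when it issued session_state. e.origin
        // is the sender's real origin as reported by the browser, so it is
        // part of what is being verified, not something the sender picks.
        var expected = sha256(clientId + ' ' + e.origin + ' ' + browserState + ' ' + salt) + '.' + salt;

        status = (sessionState === expected) ? 'unchanged' : 'changed';
    } catch (err) {
        // Any parsing/lookup failure is reported as "error", never as a
        // state change and never as an uncaught exception.
        status = 'error';
    }

    // Targeted at e.origin so no other frame can observe the answer.
    e.source.postMessage(status, e.origin);
}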
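/**
 * Read the OP browser state that the server stored in the
 * "op_browser_state" cookie (OIDC Session Management).
 *
 * The value is read through document.cookie, so the server must set this
 * cookie without HttpOnly; it is meant to be an opaque, script-readable
 * token and should carry no other secret.
 *
 * Cookies are matched on their full name: a cookie such as
 * "x_op_browser_state" or "op_browser_state_old" is skipped instead of
 * being mistaken for the real one (the previous substring search would
 * have returned the first of those).
 *
 * @returns {string} the decoded cookie value (empty if the cookie was set
 *   with an empty value).
 * @throws {Error} if no "op_browser_state" cookie is present, or the
 *   value is not valid percent-encoding.
 */
function getOpBrowserState() {
    var name = 'op_browser_state';
    // document.cookie is "k1=v1; k2=v2"; the separator may or may not be
    // followed by a space, so each entry is trimmed before matching.
    var entries = document.cookie.split(';');
    for (var i = 0; i < entries.length; i++) {
        var entry = entries[i].trim();
        var eq = entry.indexOf('=');
        if (eq === -1) {
            continue;
        }
        if (entry.substring(0, eq) === name) {
            // decodeURIComponent rather than the deprecated unescape(); a
            // malformed value throws, which the caller reports as "error".
            return decodeURIComponent(entry.substring(eq + 1));
        }
    }
    throw new Error('We couldn\'t find the "op_browser_state" cookie.');
}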
</script>
</head>
<body>
OpenID Connect Session Management OP Iframe.
</body>
</html>