From 1f50c3f45197991db9551217dfc4dd4cacdf5b08 Mon Sep 17 00:00:00 2001
From: Jonathan Lorimer
Date: Mon, 8 Jul 2024 10:49:29 -0400
Subject: [PATCH 1/2] feat: add State argument to sessionStoreDelete
---
 src/Web/OIDC/Client/CodeFlow.hs | 2 +-
 src/Web/OIDC/Client/IdTokenFlow.hs | 2 +-
 src/Web/OIDC/Client/Types.hs | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/Web/OIDC/Client/CodeFlow.hs b/src/Web/OIDC/Client/CodeFlow.hs
index 29b7f3b..dae8941 100644
--- a/src/Web/OIDC/Client/CodeFlow.hs
+++ b/src/Web/OIDC/Client/CodeFlow.hs
@@ -79,7 +79,7 @@ getValidTokens store oidc mgr stateFromIdP code = do
 savedNonce <- sessionStoreGet store stateFromIdP
 when (isNothing savedNonce) $ throwM UnknownState
 result <- liftIO $ requestTokens oidc savedNonce code mgr
- sessionStoreDelete store
+ sessionStoreDelete store stateFromIdP
 return result
 -- | Make URL for Authorization Request.
diff --git a/src/Web/OIDC/Client/IdTokenFlow.hs b/src/Web/OIDC/Client/IdTokenFlow.hs
index 17a3452..2b036e4 100644
--- a/src/Web/OIDC/Client/IdTokenFlow.hs
+++ b/src/Web/OIDC/Client/IdTokenFlow.hs
@@ -64,7 +64,7 @@ getValidIdTokenClaims store oidc stateFromIdP getIdToken = do
 msavedNonce <- sessionStoreGet store stateFromIdP
 savedNonce <- maybe (liftIO $ throwIO UnknownState) pure msavedNonce
 jwt <- Jwt.Jwt <$> getIdToken
- sessionStoreDelete store
+ sessionStoreDelete store stateFromIdP
 idToken <- liftIO $ validateIdToken oidc jwt
 nonce' <- maybe (liftIO $ throwIO MissingNonceInResponse) pure (nonce idToken)
 when (nonce' /= savedNonce) $ liftIO $ throwIO MismatchedNonces
diff --git a/src/Web/OIDC/Client/Types.hs b/src/Web/OIDC/Client/Types.hs
index 86fe23a..965e16b 100644
--- a/src/Web/OIDC/Client/Types.hs
+++ b/src/Web/OIDC/Client/Types.hs
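Review bot: In the CodeFlow hunk, `getValidTokens` removes the state only on the success path, because `sessionStoreDelete store stateFromIdP` runs after `requestTokens`. If the token request or its validation fails with an exception, the saved state/nonce pair stays in the store and the same `state` value would presumably be accepted again. Now that the delete is keyed by state, it can move up so that `sessionStoreDelete store stateFromIdP` directly follows `when (isNothing savedNonce) $ throwM UnknownState`, which matches the IdTokenFlow hunk, where the delete already precedes `validateIdToken`. The rest of the module is outside the hunk, so whether any caller relies on retrying with the same state after a failed exchange should be confirmed.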
@@ -70,6 +70,6 @@ data SessionStore m = SessionStore
 , sessionStoreSave :: State -> Nonce -> m ()
 , sessionStoreGet :: State -> m (Maybe Nonce)
 -- ^ Returns 'Nothing' if 'State' is unknown
- , sessionStoreDelete :: m ()
+ , sessionStoreDelete :: State -> m ()
 -- ^ Should delete at least nonce
 }
From 71c8f31f3088aae9d2ac09deeefde60e75d53e0e Mon Sep 17 00:00:00 2001
From: Jonathan Lorimer
Date: Sun, 14 Jul 2024 14:24:29 -0400
Subject: [PATCH 2/2] chore: fix examples
---
 examples/scotty/Main.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/scotty/Main.hs b/examples/scotty/Main.hs
index 6f12497..9c9d220 100644
--- a/examples/scotty/Main.hs
+++ b/examples/scotty/Main.hs
@@ -167,7 +167,7 @@ run' = do
 { sessionStoreGenerate = genBytes cprg
 , sessionStoreSave = saveState ssm sid
 , sessionStoreGet = getStateBy ssm sid
- , sessionStoreDelete = deleteState ssm sid
+ , sessionStoreDelete = const $ deleteState ssm sid
 }
 blaze = html . renderHtml
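Review bot: The Haddock under `sessionStoreDelete` in Types.hs still reads `-- ^ Should delete at least nonce`, which says nothing about the new `State` argument or what an implementation must do with it. A comment such as `-- ^ Deletes the 'Nonce' saved under the given 'State', so that this 'State' is not accepted a second time` would state the contract that store authors have to meet. The field type changes from `m ()` to `State -> m ()`, which breaks every existing `SessionStore` value, and no changelog or version change is visible in this patch. The record declaration starts above the hunk.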
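Review bot: In examples/scotty/Main.hs, `const $ deleteState ssm sid` discards the new `State` argument, and nothing in the example says why that is acceptable. The store there appears to be keyed by the session id (`saveState ssm sid`, `getStateBy ssm sid`), so a short comment such as `-- entries are keyed by session id here, so the State argument is ignored` would keep readers from copying the `const` into a store that is shared across sessions. `run'` begins and continues outside the hunk.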