add favicon and nonce enforcement in microsoft auth

This commit is contained in:
Tyler Leonhardt 2022-04-15 15:47:20 -07:00
parent 70c896184e
commit 9c15f4185a
No known key found for this signature in database
GPG key ID: D9BFA0BA8AD9F6F7
2 changed files with 7 additions and 1 deletions

Binary file not shown.



@ -109,7 +109,8 @@ export class LoopbackAuthServer implements ILoopbackServer {
case '/callback': {
const code = reqUrl.searchParams.get('code') ?? undefined;
const state = reqUrl.searchParams.get('state') ?? undefined;
if (!code || !state) {
const nonce = (reqUrl.searchParams.get('nonce') ?? '').replace(/ /g, '+');
if (!code || !state || !nonce) {
res.writeHead(400);
res.end();
return;
@ -119,6 +120,11 @@ export class LoopbackAuthServer implements ILoopbackServer {
res.end();
throw new Error('State does not match.');
}
if (this.nonce !== nonce) {
res.writeHead(302, { location: `/?error=${encodeURIComponent('Nonce does not match.')}` });
res.end();
throw new Error('Nonce does not match.');
}
deferred.resolve({ code, state });
res.writeHead(302, { location: '/' });
res.end();
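Review bot: The `.replace(/ /g, '+')` on the new `nonce` line in the first hunk is a silent workaround that needs a why-comment, since a reader will otherwise take it for a bug: `// URLSearchParams decodes '+' as a space; restore it so a base64-style nonce compares equal to this.nonce`. If the nonce is generated locally (its creation is not visible in this diff), issuing it in a URL-safe form such as base64url would remove the need for the rewrite and the risk of a nonce that legitimately contains a space being altered. In the second hunk, `if (this.nonce !== nonce)` compares a secret with `!==`; on a loopback-only listener the timing exposure is small, but `crypto.timingSafeEqual` over equal-length buffers is the conventional check, and the pre-existing state comparison above it has the same shape. The enclosing request handler begins before the first hunk, so the declaration and type of `this.nonce` are not visible here.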