mirror of
https://github.com/Microsoft/vscode
synced 2024-10-02 09:18:59 +00:00
add favicon and nonce enforcement in microsoft auth
parent
70c896184e
commit
9c15f4185a
BIN
extensions/microsoft-authentication/media/favicon.ico
Normal file
BIN
extensions/microsoft-authentication/media/favicon.ico
Normal file
Binary file not shown.
After Width: | Height: | Size: 34 KiB |
|
@ -109,7 +109,8 @@ export class LoopbackAuthServer implements ILoopbackServer {
|
|||
case '/callback': {
|
||||
const code = reqUrl.searchParams.get('code') ?? undefined;
|
||||
const state = reqUrl.searchParams.get('state') ?? undefined;
|
||||
if (!code || !state) {
|
||||
const nonce = (reqUrl.searchParams.get('nonce') ?? '').replace(/ /g, '+');
|
||||
if (!code || !state || !nonce) {
|
||||
res.writeHead(400);
|
||||
res.end();
|
||||
return;
|
||||
|
@ -119,6 +120,11 @@ export class LoopbackAuthServer implements ILoopbackServer {
|
|||
res.end();
|
||||
throw new Error('State does not match.');
|
||||
}
|
||||
if (this.nonce !== nonce) {
|
||||
res.writeHead(302, { location: `/?error=${encodeURIComponent('Nonce does not match.')}` });
|
||||
res.end();
|
||||
throw new Error('Nonce does not match.');
|
||||
}
|
||||
deferred.resolve({ code, state });
|
||||
res.writeHead(302, { location: '/' });
|
||||
res.end();
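Review bot: The mismatch branch at `if (this.nonce !== nonce)` ends the response and then throws from inside the request handler, and nothing visible in the hunk settles `deferred`, so a stray or hostile local request to `/callback` with a wrong nonce raises an exception in the server callback instead of simply being refused. Unless a wrapper outside this hunk catches that throw, I would refuse the request and keep listening: replace the `throw new Error('Nonce does not match.');` line with `return;` after `res.end();` (the state check just above follows the same pattern and has the same issue). The `.replace(/ /g, '+')` on the nonce in the first hunk also needs a comment, for example `// URLSearchParams decodes '+' as a space; restore it so the nonce compares equal to this.nonce`; the nonce is presumably base64, which should be confirmed. The `case '/callback'` block and the handler around it start and end outside both hunks.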
|
||||
|
|