diff options
author | Daniel Schalla <daniel@schalla.me> | 2018-08-02 00:16:04 +0200 |
---|---|---|
committer | Christopher Speller <crspeller@gmail.com> | 2018-08-01 15:16:04 -0700 |
commit | 2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d (patch) | |
tree | 2e843f8fdf8382b13fe0a902e7b6183f1f4475bd /app/oauth.go | |
parent | 90e84d76efa775cdf7c54363218bf6817cd1bf33 (diff) | |
download | chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.gz chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.tar.bz2 chat-2936dc87d074e6d83147c9e6cf4ae8bac4e4af8d.zip |
CSRF Token Implementation for Plugins (#9192)
deleted test config
fix test config
Dont wipe the session token for plugins
Simplified Tokens; Generate CSRF for other sessions
Remove CSRF from Access Token; Remove Getter/Setter from Context
fix removed setter
remove getcsrf helper from plugin api
enforce csrf only for cookie auth
Diffstat (limited to 'app/oauth.go')
-rw-r--r-- | app/oauth.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/oauth.go b/app/oauth.go index 60ea39255..a0123c0e9 100644 --- a/app/oauth.go +++ b/app/oauth.go @@ -334,6 +334,7 @@ func (a *App) GetOAuthAccessTokenForCodeFlow(clientId, grantType, redirectUri, c func (a *App) newSession(appName string, user *model.User) (*model.Session, *model.AppError) { // set new token an session session := &model.Session{UserId: user.Id, Roles: user.Roles, IsOAuth: true} + session.GenerateCSRF() session.SetExpireInDays(*a.Config().ServiceSettings.SessionLengthSSOInDays) session.AddProp(model.SESSION_PROP_PLATFORM, appName) session.AddProp(model.SESSION_PROP_OS, "OAuth2") |