fix: potential panics in login and return proper http 405 (#8065)

# Which Problems Are Solved

We identified some parts in the code, which could panic with a nil
pointer when accessed without auth request.
Additionally, if a gRPC method was called with an unmapped HTTP method
(e.g. POST instead of GET), a 501 was returned instead of a 405.

# How the Problems Are Solved

- Additional checks for existing authRequest
- custom http status code mapper for gateway

# Additional Changes

None.

# Additional Context

- noted internally in OPS
Livio Spring
2024-06-07 09:30:04 +02:00
committed by GitHub
parent 9b16c61038
commit 26c7d95c88
5 changed files with 29 additions and 6 deletions


@@ -58,16 +58,17 @@ func (l *Login) handleMailVerificationCheck(w http.ResponseWriter, r *http.Reque
l.checkMailCode(w, r, authReq, data.UserID, data.Code)
return
}
userOrg := ""
var userOrg, authReqID string
if authReq != nil {
userOrg = authReq.UserOrgID
authReqID = authReq.ID
}
emailCodeGenerator, err := l.query.InitEncryptionGenerator(r.Context(), domain.SecretGeneratorTypeVerifyEmailCode, l.userCodeAlg)
if err != nil {
l.checkMailCode(w, r, authReq, data.UserID, data.Code)
return
}
_, err = l.command.CreateHumanEmailVerificationCode(setContext(r.Context(), userOrg), data.UserID, userOrg, emailCodeGenerator, authReq.ID)
_, err = l.command.CreateHumanEmailVerificationCode(setContext(r.Context(), userOrg), data.UserID, userOrg, emailCodeGenerator, authReqID)
l.renderMailVerification(w, r, authReq, data.UserID, err)
}
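Review bot: With the new `if authReq != nil` guard the resend path now completes without an auth request, so `CreateHumanEmailVerificationCode` is called with an empty `userOrg` (also passed to `setContext`) and an empty `authReqID`, while `data.UserID` appears to come from the parsed request data; before this change that path panicked at `authReq.ID`. Please confirm that the command layer accepts an empty resource owner here and that resends are throttled per user, since nothing in this hunk limits them. A comment above the guard would make the intent explicit, e.g. `// authReq may be nil when the page is accessed without an auth request; userOrg and authReqID then stay empty`. The function starts outside the hunk, so any earlier validation of `data.UserID` is not visible here.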