nicoeri/filebrowser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: use crypto for rand

Browse Source
This commit is contained in:
Marcell FÜLÖP 2023-02-20 15:57:05 +00:00
parent 8f1f4e68bc
commit bad4007a74
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
auth/oidc.go
View File

@ -2,11 +2,13 @@ package auth
import ( import (
"context" "context"
"crypto/rand"
"fmt" "fmt"
"github.com/filebrowser/filebrowser/v2/settings" "github.com/filebrowser/filebrowser/v2/settings"
"github.com/filebrowser/filebrowser/v2/users" "github.com/filebrowser/filebrowser/v2/users"
"log" "log"
"math/rand" "math"
"math/big"
"net/http" "net/http"
"os" "os"
@ -71,8 +73,11 @@ func (o *OAuthClient) InitClient() {
// InitAuthFlow triggers the oidc authentication flow. // InitAuthFlow triggers the oidc authentication flow.
func (o *OAuthClient) InitAuthFlow(w http.ResponseWriter, r *http.Request) { func (o *OAuthClient) InitAuthFlow(w http.ResponseWriter, r *http.Request) {
o.InitClient() o.InitClient()
state := fmt.Sprintf("%x", rand.Uint32())
nonce := fmt.Sprintf("%x", rand.Uint32()) rand1, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
rand2, _ := rand.Int(rand.Reader, big.NewInt(math.MaxInt32))
state := fmt.Sprintf("%x", rand1)
nonce := fmt.Sprintf("%x", rand2)
o.OAuth2Config.RedirectURL += "?redirect=" + r.URL.Path o.OAuth2Config.RedirectURL += "?redirect=" + r.URL.Path
url := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce)) url := o.OAuth2Config.AuthCodeURL(state, oidc.Nonce(nonce))