IcyNetwork/oauth2-provider
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove builtin csrf verification

Browse Source
This commit is contained in:
Evert Prants 2022-03-20 18:28:51 +02:00
parent 2877dac937
commit a440d1f4ac
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 0 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/controller/authorization.ts
View File

@ -154,18 +154,6 @@ export const authorization = wrap(async (req, res) => {
return oauth2.decision(req, res, client, scope, user, redirectUri);
}
// Consent pushed, ensure valid session
const {
session: { csrf },
} = req;
if (
req.method === 'POST' &&
csrf &&
!(req.body.csrf && req.body.csrf === csrf)
) {
throw new InvalidRequest('Invalid session');
}
// Save consent
if (!consented) {
if (!req.body || typeof req.body.decision === 'undefined') {

6
src/types/express/index.d.ts vendored
View File

@ -7,9 +7,3 @@ declare global {
}
}
}
declare module 'express-session' {
interface SessionData {
csrf: string;
}
}