-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Fix-16668][api-server] Fix SSO login bug #16669
base: dev
Are you sure you want to change the base?
Conversation
when use sso login type, refresh login page and click sso login button, will dialog a error tips: State or code entered incorrectly.
@@ -158,7 +158,8 @@ public Result ssoLogin(HttpServletRequest request) { | |||
if (session.getAttribute(Constants.SSO_LOGIN_USER_STATE) == null) { | |||
session.setAttribute(Constants.SSO_LOGIN_USER_STATE, randomState); | |||
} | |||
return Result.success(((AbstractSsoAuthenticator) authenticator).getSignInUrl(randomState)); | |||
return Result.success(((AbstractSsoAuthenticator) authenticator) | |||
.getSignInUrl(session.getAttribute(Constants.SSO_LOGIN_USER_STATE).toString())); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Let's make it better.
HttpSession session = request.getSession();
if (session.getAttribute(Constants.SSO_LOGIN_USER_STATE) == null) {
String randomState = UUID.randomUUID().toString();
session.setAttribute(Constants.SSO_LOGIN_USER_STATE, randomState);
}
return Result.success(((AbstractSsoAuthenticator) authenticator)
.getSignInUrl(session.getAttribute(Constants.SSO_LOGIN_USER_STATE).toString()));
Please retry analysis of this Pull-Request directly on SonarCloud |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
LGTM
By the way, do not close the related issue when the pr is open. The issue will be automatically closed when the pr is merged. |
Purpose of the pull request
fix #16668
Brief change log
Verify this pull request
This pull request is code cleanup without any test coverage.
(or)
This pull request is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(or)
Pull Request Notice
Pull Request Notice
If your pull request contain incompatible change, you should also add it to
docs/docs/en/guide/upgrede/incompatible.md