fix: handle subject mismatch gracefully #3619

Merged
merged 1 commit into from
Aug 25, 2023

@hperl hperl commented Aug 25, 2023

We now redirect to the original request URL if the subjects between the remembered Hydra session and what was confirmed by the login screen do not match.

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    security@ory.sh) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@hperl hperl requested a review from aeneasr as a code owner August 25, 2023 06:19
@hperl hperl requested a review from aeneasr August 25, 2023 06:19
@hperl hperl self-assigned this Aug 25, 2023
@hperl hperl requested a review from jonas-jonas August 25, 2023 06:27
consent/handler.go (outdated review thread, resolved)
We now redirect to the original request URL if the subjects between
the remembered Hydra session and what was confirmed by the login
screen do not match.
@hperl hperl force-pushed the hperl/fix-subject-does-not-match-bug branch from ab4276e to 3eae4ec Compare August 25, 2023 06:33
codecov bot commented Aug 25, 2023

Codecov Report

Merging #3619 (5383356) into master (0176adc) will decrease coverage by 0.02%.
Report is 1 commits behind head on master.
The diff coverage is 75.00%.

❗ Current head 5383356 differs from pull request most recent head 3eae4ec. Consider uploading reports for the commit 3eae4ec to get more accurate results

@@            Coverage Diff             @@
##           master    #3619      +/-   ##
==========================================
- Coverage   76.19%   76.18%   -0.02%     
==========================================
  Files         133      133              
  Lines       10037    10043       +6     
==========================================
+ Hits         7648     7651       +3     
- Misses       1866     1868       +2     
- Partials      523      524       +1     
Files Changed Coverage Δ
consent/handler.go 64.81% <75.00%> (-0.26%) ⬇️

@aeneasr aeneasr merged commit af0d477 into master Aug 25, 2023
@aeneasr aeneasr deleted the hperl/fix-subject-does-not-match-bug branch August 25, 2023 12:16
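
The behavior described in the pull request description, sketched as an added example that is not taken from this pull request or from the Hydra code base: when the subject confirmed by the login screen differs from the remembered one, the handler redirects to the original request URL. The type `flowState`, the function names, the `/login/verify` path and the sample URL are assumptions made for illustration, as is treating an empty remembered subject as "no remembered session".

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// flowState is a hypothetical stand-in for what the server stored for one login flow.
type flowState struct {
	RememberedSubject string // subject of the remembered session, "" if none (assumption)
	RequestURL        string // original request URL, read from server-side state
}

// mismatchRedirect returns the original request URL when the subject confirmed by
// the login screen differs from the remembered one, so the flow can start over.
// The target comes from stored state, never from a parameter of the current request.
func mismatchRedirect(f flowState, confirmed string) (string, bool) {
	if f.RememberedSubject == "" || f.RememberedSubject == confirmed {
		return "", false
	}
	return f.RequestURL, true
}

// handleConfirmed redirects on a subject mismatch and otherwise continues the flow.
func handleConfirmed(w http.ResponseWriter, r *http.Request, f flowState, confirmed string) {
	if target, ok := mismatchRedirect(f, confirmed); ok {
		http.Redirect(w, r, target, http.StatusFound)
		return
	}
	fmt.Fprintf(w, "continuing as %s", confirmed)
}

// simulate runs handleConfirmed against an in-memory recorder and reports the
// response status code and Location header. The request path is hypothetical.
func simulate(f flowState, confirmed string) (int, string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/login/verify", nil)
	handleConfirmed(rec, req, f, confirmed)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	// Constructed sample values.
	f := flowState{RememberedSubject: "alice", RequestURL: "https://auth.example/oauth2/auth?client_id=demo"}
	fmt.Println(simulate(f, "alice")) // same subject: flow continues
	fmt.Println(simulate(f, "bob"))   // different subject: redirect to RequestURL
}
```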