feat: improve state generation logic

aeneasr · aeneasr · commit 546ee3dc9008 · 2022-08-19T15:03:53.000+02:00
diff --git a/selfservice/strategy/oidc/strategy.go b/selfservice/strategy/oidc/strategy.go
@@ -3,7 +3,9 @@ package oidc
 import (
 	"bytes"
 	"context"
+	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"path/filepath"
 	"strings"
@@ -114,6 +116,11 @@ type authCodeContainer struct {
 	Traits json.RawMessage `json:"traits"`
 }
 
+func generateState(flowID string) string {
+	state := x.NewUUID().String()
+	return base64.RawURLEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", flowID, state)))
+}
+
 func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) {
 	for _, c := range cc {
 		if c.Type == s.ID() && gjson.ValidBytes(c.Config) {
diff --git a/selfservice/strategy/oidc/strategy_login.go b/selfservice/strategy/oidc/strategy_login.go
@@ -167,7 +167,7 @@ func (s *Strategy) Login(w http.ResponseWriter, r *http.Request, f *login.Flow,
 		return
 	}
 
-	state := x.NewUUID().String()
+	state := generateState(f.ID.String())
 	if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,
 		continuity.WithPayload(&authCodeContainer{
 			State:  state,
diff --git a/selfservice/strategy/oidc/strategy_registration.go b/selfservice/strategy/oidc/strategy_registration.go
@@ -141,7 +141,7 @@ func (s *Strategy) Register(w http.ResponseWriter, r *http.Request, f *registrat
 		return errors.WithStack(registration.ErrAlreadyLoggedIn)
 	}
 
-	state := x.NewUUID().String()
+	state := generateState(f.ID.String())
 	if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,
 		continuity.WithPayload(&authCodeContainer{
 			State:  state,
diff --git a/selfservice/strategy/oidc/strategy_settings.go b/selfservice/strategy/oidc/strategy_settings.go
@@ -336,7 +336,7 @@ func (s *Strategy) initLinkProvider(w http.ResponseWriter, r *http.Request, ctxU
 		return s.handleSettingsError(w, r, ctxUpdate, p, err)
 	}
 
-	state := x.NewUUID().String()
+	state := generateState(ctxUpdate.Flow.ID.String())
 	if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,
 		continuity.WithPayload(&authCodeContainer{
 			State:  state,
diff --git a/selfservice/strategy/oidc/strategy_state_test.go b/selfservice/strategy/oidc/strategy_state_test.go
@@ -0,0 +1,15 @@
+package oidc
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/ory/kratos/x"
+)
+
+func TestGenerateState(t *testing.T) {
+	state := generateState(x.NewUUID().String())
+	assert.NotEmpty(t, state)
+	t.Logf("state: %s", state)
+}

Original file line number	Diff line number	Diff line change
`@@ -167,7 +167,7 @@ func (s Strategy) Login(w http.ResponseWriter, r http.Request, f *login.Flow,`
`167`	`167`	`return`
`168`	`168`	`}`
`169`	`169`
`170`		`- state := x.NewUUID().String()`
	`170`	`+ state := generateState(f.ID.String())`
`171`	`171`	`if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,`
`172`	`172`	`continuity.WithPayload(&authCodeContainer{`
`173`	`173`	`State: state,`
Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ func (s Strategy) Register(w http.ResponseWriter, r http.Request, f *registrat`
`141`	`141`	`return errors.WithStack(registration.ErrAlreadyLoggedIn)`
`142`	`142`	`}`
`143`	`143`
`144`		`- state := x.NewUUID().String()`
	`144`	`+ state := generateState(f.ID.String())`
`145`	`145`	`if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,`
`146`	`146`	`continuity.WithPayload(&authCodeContainer{`
`147`	`147`	`State: state,`
Original file line number	Diff line number	Diff line change
`@@ -336,7 +336,7 @@ func (s Strategy) initLinkProvider(w http.ResponseWriter, r http.Request, ctxU`
`336`	`336`	`return s.handleSettingsError(w, r, ctxUpdate, p, err)`
`337`	`337`	`}`
`338`	`338`
`339`		`- state := x.NewUUID().String()`
	`339`	`+ state := generateState(ctxUpdate.Flow.ID.String())`
`340`	`340`	`if err := s.d.ContinuityManager().Pause(r.Context(), w, r, sessionName,`
`341`	`341`	`continuity.WithPayload(&authCodeContainer{`
`342`	`342`	`State: state,`