sso: expire tokens after usage

2019-04-20 23:25:35 -04:00
parent fa2ccfe42e
commit 6317b384d9
6 changed files with 82 additions and 13 deletions
--- a/api/oauth_sso_redirect.go
+++ b/api/oauth_sso_redirect.go
@@ -53,9 +53,15 @@ func ssoRedirectHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	tokenBytes, err := hex.DecodeString(commenterToken)
+	token, err := ssoTokenNew(domain, commenterToken)
 	if err != nil {
-		logger.Errorf("cannot decode hex commenterToken: %v", err)
+		fmt.Fprintf(w, "Error: %s\n", err.Error())
+		return
+	}
+
+	tokenBytes, err := hex.DecodeString(token)
+	if err != nil {
+		logger.Errorf("cannot decode hex token: %v", err)
 		fmt.Fprintf(w, "Error: %s\n", errorInternal.Error())
 		return
 	}
@@ -74,7 +80,7 @@ func ssoRedirectHandler(w http.ResponseWriter, r *http.Request) {
 	}

 	q := u.Query()
-	q.Set("token", commenterToken)
+	q.Set("token", token)
 	q.Set("hmac", signature)
 	u.RawQuery = q.Encode()