
Commit 6e4a14e

committed
code: handle/responsse.c: refactor oidc_response_browser_back (layout)
Signed-off-by: Hans Zandbelt <[email protected]>
1 parent c3a4f10 commit 6e4a14e


1 file changed

+17
-17
lines changed


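--- a/src/handle/response.c
+++ b/src/handle/response.c
@@ -82,28 +82,28 @@ static int oidc_response_authorization_error(request_rec *r, oidc_cfg_t *c, oidc
 
 /* handle the browser back on an authorization response */
 static apr_byte_t oidc_response_browser_back(request_rec *r, const char *r_state, oidc_session_t *session) {
-
-/* see if we have an existing session and browser-back was used */
 const char *s_state = NULL, *o_url = NULL;
 
-if (session->remote_user != NULL) {
-
-s_state = oidc_session_get_request_state(r, session);
-o_url = oidc_session_get_original_url(r, session);
-
-if ((r_state != NULL) && (s_state != NULL) && (_oidc_strcmp(r_state, s_state) == 0)) {
-
-/* log the browser back event detection */
-oidc_warn(r, "browser back detected, redirecting to original URL: %s", o_url);
+/* see if we have an existing session and browser-back was used */
+if (session->remote_user == NULL)
+/* no session was established yet */
+return FALSE;
 
-/* go back to the URL that he originally tried to access */
-oidc_http_hdr_out_location_set(r, o_url);
+s_state = oidc_session_get_request_state(r, session);
+if ((r_state == NULL) || (s_state == NULL) || (_oidc_strcmp(r_state, s_state) != 0))
+/* state does not match with the state that was used to create the session earlier, no replay is going
+* on here */
+return FALSE;
 
-return TRUE;
-}
-}
+/* get the URL that was originally accessed by the user */
+o_url = oidc_session_get_original_url(r, session);
+/* log the browser back event detection */
+oidc_warn(r, "browser back detected, redirecting to original URL: %s", o_url);
+/* go back to the URL that he originally tried to access */
+oidc_http_hdr_out_location_set(r, o_url);
 
-return FALSE;
+/* signal that a browser back event was detected indeed and we handled this here */
+return TRUE;
 }
 
 static char *_oidc_response_post_preserve_template_contents = NULL;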
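Review bot: The two new guard clauses in oidc_response_browser_back are unbraced, with a comment sitting between each `if` condition and its `return FALSE;`, so it is easy to misread which statement the condition governs, and a line inserted later would silently fall outside the guard. Bracing them keeps the early-return shape, e.g. `if (session->remote_user == NULL) { /* no session was established yet */ return FALSE; }`, and likewise for the state comparison. Separately, `o_url` is passed to `oidc_warn` and `oidc_http_hdr_out_location_set` without a NULL check, as it was before the refactor. If `oidc_session_get_original_url` can return NULL for a session that still has a request state (not visible in this hunk), a guard before setting the Location header would be worth adding.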
