Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 14:50:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

check that the jwt token is used by the same IP for which it

Browse Source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2022-03-24 22:03:17 +01:00
parent 4bbb195711
commit d955ddcef9
13 changed files with 154 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
httpd/oidc.go
View File

@@ -496,7 +496,7 @@ func (s *httpdServer) oidcTokenAuthenticator(audience tokenAudience) func(next h
Username: token.Username,
Permissions: token.Permissions,
}
_, tokenString, err := jwtTokenClaims.createToken(s.tokenAuth, audience)
_, tokenString, err := jwtTokenClaims.createToken(s.tokenAuth, audience, util.GetIPFromRemoteAddress(r.RemoteAddr))
if err != nil {
setFlashMessage(w, r, "Unable to create cookie")
if audience == tokenAudienceWebAdmin {