summaryrefslogtreecommitdiff
path: root/app/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers')
-rw-r--r--app/controllers/sessions/controller_test.go2
-rw-r--r--app/controllers/sessions/service.go3
2 files changed, 3 insertions, 2 deletions
diff --git a/app/controllers/sessions/controller_test.go b/app/controllers/sessions/controller_test.go
index a29041e..a1158da 100644
--- a/app/controllers/sessions/controller_test.go
+++ b/app/controllers/sessions/controller_test.go
@@ -127,7 +127,7 @@ func TestSessions(t *testing.T) {
cookie, err := http.ParseSetCookie(w.Header().Get("Set-Cookie"))
require.NoError(t, err)
require.NotZero(t, cookie)
- data, err := base64.URLEncoding.DecodeString(cookie.Value)
+ data, err := base64.URLEncoding.DecodeString(web.CookieValueFrom(cookie))
require.NoError(t, err)
tokens := map[string]interface{}{}
require.NoError(t, json.Unmarshal(data, &tokens))
diff --git a/app/controllers/sessions/service.go b/app/controllers/sessions/service.go
index 0ee692a..af1512c 100644
--- a/app/controllers/sessions/service.go
+++ b/app/controllers/sessions/service.go
@@ -7,6 +7,7 @@ import (
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/oidc"
"gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/pls"
+ "gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/pkg/web"
"golang.org/x/oauth2"
)
@@ -38,7 +39,7 @@ func (svc *Service) Exchange(r *http.Request) (*oidc.Tokens, error) {
}
state := r.URL.Query().Get("state")
- if state != cookies[0].Value {
+ if state != web.CookieValueFrom(cookies[0]) {
return nil, errors.New("Invalid CSRF token")
}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-02 05:00:04 +0000