From 2590e3f4e7ef2620a6754822c67eb62606665024 Mon Sep 17 00:00:00 2001 From: MrMelon54 Date: Thu, 15 Feb 2024 14:44:58 +0000 Subject: [PATCH] Use SameSiteLaxMode --- server/id_token.go | 8 +++++--- server/login.go | 6 +++--- server/server.go | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/server/id_token.go b/server/id_token.go index 72f31f5..600f61a 100644 --- a/server/id_token.go +++ b/server/id_token.go @@ -25,10 +25,12 @@ func addIdTokenSupport(srv *server.Server, db *database.DB, key mjwt.Signer) { } // IdTokenClaims contains the JWT claims for an access token -type IdTokenClaims struct{} +type IdTokenClaims struct { + Subject string `json:"subject"` +} func (a IdTokenClaims) Valid() error { return nil } -func (a IdTokenClaims) Type() string { return "access-token" } +func (a IdTokenClaims) Type() string { return "id-token" } func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (token string, err error) { tx, err := us.Begin() @@ -41,7 +43,7 @@ func generateIDToken(ti oauth2.TokenInfo, us *database.DB, key mjwt.Signer) (tok } tx.Rollback() - token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), IdTokenClaims{}) + token, err = key.GenerateJwt(user.Sub, "", jwt.ClaimStrings{ti.GetClientID()}, ti.GetAccessExpiresIn(), &IdTokenClaims{Subject: user.Sub}) return } diff --git a/server/login.go b/server/login.go index 8ad9fb9..01973d9 100644 --- a/server/login.go +++ b/server/login.go @@ -56,7 +56,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http Path: "/", MaxAge: -1, Secure: true, - SameSite: http.SameSiteStrictMode, + SameSite: http.SameSiteLaxMode, }) http.Redirect(rw, req, (&url.URL{ Path: "/login", 
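Review bot: The doc comment kept on the new side of this hunk, `// IdTokenClaims contains the JWT claims for an access token`, is now wrong, since `Type()` returns `"id-token"` and the struct carries an ID-token `Subject`; it should read `// IdTokenClaims holds the custom claims embedded in an OIDC ID token; Type() distinguishes it so an ID token is not accepted where an access token is expected.` `Valid()` still returns nil unconditionally even though there is now a field worth checking, and a minimal `if a.Subject == "" { return errors.New("id token: missing subject") }` would reject a malformed token at decode time, assuming the mjwt library invokes Valid() when parsing — confirm that before relying on it. The `addIdTokenSupport` body ends inside this hunk but starts before it, and `generateIDToken` continues past it.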
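Review bot: `&IdTokenClaims{Subject: user.Sub}` on the new line of this hunk stores the user id in a custom `subject` claim while the same value is already the first argument to `key.GenerateJwt`, which by position looks like the registered `sub` claim; OIDC relying parties read `sub`, so the extra claim is either redundant or a second place the two values could drift apart. If the library does emit `sub` from that first argument, either drop the field or keep it deliberately with a comment such as `// Subject mirrors the registered sub claim for clients that only read custom claims.` Nothing in this function carries a `nonce` from the authorization request into the ID token, which OIDC requires whenever the client supplied one; that may be handled elsewhere, but it is worth confirming since this is the only place the ID token is assembled. `generateIDToken` starts before this hunk.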
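Review bot: This `MaxAge: -1` cookie in `loginPost` is the first of four cookie literals in the patch that each spell out `Path: "/"`, `Secure: true` and `SameSite` by hand, which is exactly why a one-attribute policy change had to touch four hunks; a small helper such as `func sessionCookie(name, value string, maxAge int) *http.Cookie` returning the shared attributes would keep this clearing cookie, the state cookie, the long-lived login cookie and the logout cookie from drifting apart again. Clearing a cookie only requires Name, Path and Domain to match what was originally set, so the SameSite value on this particular cookie is not load-bearing and the helper can hard-code it. `loginPost` starts before this hunk and continues past it.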
@@ -82,7 +82,7 @@ func (h *HttpServer) loginPost(rw http.ResponseWriter, req *http.Request, _ http Expires: future, MaxAge: int(future.Sub(now).Seconds()), Secure: true, - SameSite: http.SameSiteStrictMode, + SameSite: http.SameSiteLaxMode, }) // save state for use later @@ -161,7 +161,7 @@ func (h *HttpServer) setLoginDataCookie(rw http.ResponseWriter, userId string) b Path: "/", Expires: time.Now().AddDate(0, 3, 0), Secure: true, - SameSite: http.SameSiteStrictMode, + SameSite: http.SameSiteLaxMode, }) return false } diff --git a/server/server.go b/server/server.go index 1dd23cf..e831338 100644 --- a/server/server.go +++ b/server/server.go @@ -143,7 +143,7 @@ func NewHttpServer(conf Conf, db *database.DB, signingKey mjwt.Signer) *http.Ser Path: "/", MaxAge: -1, Secure: true, - SameSite: http.SameSiteStrictMode, + SameSite: http.SameSiteLaxMode, }) http.Redirect(rw, req, "/", http.StatusFound)
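Review bot: The three-month login cookie set in `setLoginDataCookie` now accompanies cross-site top-level GET navigations, so every handler that changes state while trusting this cookie must be POST-only or carry a CSRF token, and the commit relaxes the attribute without recording that constraint anywhere. The relaxation itself is justified for an identity provider — Strict drops the cookie on every cross-site navigation, so a relying party's redirect to the authorize endpoint would always appear logged out — but the reason belongs next to the attribute, e.g. `// Lax, not Strict: the session must survive cross-site top-level navigations to the authorize endpoint; state-changing routes must therefore be POST-only.` The fields before `Path: "/"` are outside the hunk, so I cannot see whether `HttpOnly: true` is set on this cookie; for a credential that lives three months it should be. `setLoginDataCookie` starts before this hunk.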
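Review bot: This cookie-clearing tail in `NewHttpServer` looks like a logout handler, and if it also reads the session cookie to invalidate server-side state, the Lax change means a cross-site GET link now carries that cookie, so the invalidation can be triggered by any page the user visits; routing logout through POST, which Lax cookies do not accompany cross-site, or a CSRF token closes that. The `Set-Cookie` with `MaxAge: -1` is honoured by the browser regardless of the request's SameSite mode, so the client-side clear was already reachable cross-site and the attribute on this cookie is not what protects it. The enclosing handler starts before this hunk; only its tail is visible.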