Fixed NPE on validating ID Token
Loganathan Sekar committed Jun 23, 2022
1 parent 9a9cb26 commit 54a2e9d
Showing 1 changed file with 16 additions and 5 deletions.
@@ -33,6 +33,8 @@
@RestController
public class LoginController {

private static final String ID_TOKEN = "id_token";

private final static Logger LOGGER= LoggerFactory.getLogger(LoginController.class);

@Value("${auth.token.header:Authorization}")
@@ -46,7 +48,10 @@ public class LoginController {
private LoginService loginService;

@Autowired
private ValidateTokenHelper validateTokenHelper;
private ValidateTokenHelper validateTokenHelper;

@Value("${auth.validate.id-token:false}")
private boolean validateIdToken;

@GetMapping(value = "/login/{redirectURI}")
public void login(@CookieValue(name = "state", required = false) String state,
@@ -88,11 +93,17 @@ public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @Requ
redirectURI);
String accessToken = jwtResponseDTO.getAccessToken();
validateToken(accessToken);
String idToken = jwtResponseDTO.getIdToken();
validateToken(idToken);
Cookie cookie = loginService.createCookie(accessToken);
res.addCookie(cookie);
res.addCookie(new Cookie("id_token", idToken));
if(validateIdToken) {
String idToken = jwtResponseDTO.getIdToken();
if(idToken == null) {
throw new ClientException(Errors.TOKEN_NOTPRESENT_ERROR.getErrorCode(),
Errors.TOKEN_NOTPRESENT_ERROR.getErrorMessage() + ": " + ID_TOKEN);
}
validateToken(idToken);
res.addCookie(new Cookie(ID_TOKEN, idToken));
}
res.setStatus(302);
String url = new String(Base64.decodeBase64(redirectURI.getBytes()));
if(url.contains("#")) {
@@ -103,7 +114,7 @@ public void loginRedirect(@PathVariable("redirectURI") String redirectURI, @Requ
throw new ServiceException(Errors.ALLOWED_URL_EXCEPTION.getErrorCode(), Errors.ALLOWED_URL_EXCEPTION.getErrorMessage());
}
res.sendRedirect(url);
}
}

private void validateToken(String accessToken) {
if(!validateTokenHelper.isTokenValid(accessToken).getKey()){
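Review bot: The `id_token` cookie in loginRedirect is still created with a bare `new Cookie(ID_TOKEN, idToken)`, so it carries no HttpOnly or Secure attribute, whereas the access token cookie goes through `loginService.createCookie(accessToken)`. Unless browser script has to read the ID token, build it as `Cookie idCookie = new Cookie(ID_TOKEN, idToken); idCookie.setHttpOnly(true); idCookie.setSecure(true);` and add that, or route it through a helper next to createCookie (which attributes createCookie sets is not visible here). `validateIdToken` also decides whether the cookie is issued at all and defaults to false, which the property name `auth.validate.id-token` does not convey; a field comment such as `// when false the ID token is neither validated nor returned as a cookie` would document that. The null guard covers only idToken; if `isTokenValid` cannot take null, as the commit title suggests, `accessToken` has the same exposure and the check may fit better inside `validateToken`. loginRedirect begins above the hunk and validateToken continues below it.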