Debuggin'

Signed-off-by: Cliff Hill <clifford.hill@gsa.gov>
2026-02-05 10:53:28 -05:00 · 2024-10-25 16:55:34 -04:00
parent a39c844c30
commit a090c90ed6
3 changed files with 14 additions and 6 deletions
--- a/app/main/views/index.py
+++ b/app/main/views/index.py
@@ -41,7 +41,7 @@ def index():
        current_app.config["SECRET_KEY"],
        current_app.config["DANGEROUS_SALT"],
    )
-    state_key = f"login-nonce-{unquote(state)}"
+    state_key = f"login-state-{unquote(state)}"
    redis_client.set(state_key, state)

    # make and store the nonce
--- a/app/main/views/register.py
+++ b/app/main/views/register.py
@@ -2,6 +2,7 @@ import base64
 import json
 import uuid
 from datetime import datetime, timedelta
+from urllib.parse import unquote

 from flask import (
    abort,
@@ -161,6 +162,13 @@ def set_up_your_profile():
    debug_msg(f"Enter set_up_your_profile with request.args {request.args}")
    code = request.args.get("code")
    state = request.args.get("state")
+
+    state_key = f"login-state-{unquote(state)}"
+    stored_state = redis_client.get(state_key).decode("utf8")
+    if state != stored_state:
+        current_app.logger.error(f"State Error: {state} != {stored_state}")
+        abort(403)
+
    login_gov_error = request.args.get("error")

    if redis_client.get(f"invitedata-{state}") is None:
--- a/app/main/views/sign_in.py
+++ b/app/main/views/sign_in.py
@@ -99,11 +99,6 @@ def _do_login_dot_gov():  # $ pragma: no cover
    # start login.gov
    code = request.args.get("code")
    state = request.args.get("state")
-    state_key = f"login-state-{unquote(state)}"
-    stored_state = redis_client.get(state_key).decode("utf8")
-    if state != stored_state:
-        current_app.logger.error(f"State Error: {state} != {stored_state}")
-        abort(403)

    login_gov_error = request.args.get("error")

@@ -113,6 +108,11 @@ def _do_login_dot_gov():  # $ pragma: no cover
        )
        raise Exception(f"Could not login with login.gov {login_gov_error}")
    elif code and state:
+        state_key = f"login-state-{unquote(state)}"
+        stored_state = redis_client.get(state_key).decode("utf8")
+        if state != stored_state:
+            current_app.logger.error(f"State Error: {state} != {stored_state}")
+            abort(403)

        # activate the user
        try: