SEC-1753: Cater for missing DiscoveryInformation object in OpenID4JavaConsumer.endConsumption.
parent
700fa9e0b6
commit
89fa771093
|
@ -144,6 +144,11 @@ public class OpenID4JavaConsumer implements OpenIDConsumer {
|
||||||
|
|
||||||
// retrieve the previously stored discovery information
|
// retrieve the previously stored discovery information
|
||||||
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
|
DiscoveryInformation discovered = (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
|
||||||
|
|
||||||
|
if (discovered == null) {
|
||||||
|
throw new OpenIDConsumerException("DiscoveryInformation is not available. Possible causes are lost session or replay attack");
|
||||||
|
}
|
||||||
|
|
||||||
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
|
List<OpenIDAttribute> attributesToFetch = (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);
|
||||||
|
|
||||||
request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
|
request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
|
||||||
|
|
|
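Review bot: The new null check runs only after `request.getSession()` has already created a fresh session when the response arrives without one, so an unsolicited or replayed response still allocates a session before it is rejected. Reading the session with `HttpSession session = request.getSession(false);` and throwing the same OpenIDConsumerException when `session == null` would reject such requests without that side effect, and the later `getSession()` calls in the visible lines could then reuse `session`. A short comment above the check would also help, e.g. `// no stored discovery info: the response is unsolicited, replayed, or the session expired; never verify without it`. endConsumption starts and ends outside the hunk, so it is not visible from here whether later code relies on a session existing.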
@ -189,6 +189,11 @@ public class OpenID4JavaConsumerTests {
|
||||||
consumer.fetchAxAttributes(msg, attributes);
|
consumer.fetchAxAttributes(msg, attributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test(expected=OpenIDConsumerException.class)
|
||||||
|
public void missingDiscoveryInformationThrowsException() throws Exception {
|
||||||
|
OpenID4JavaConsumer consumer = new OpenID4JavaConsumer(new NullAxFetchListFactory());
|
||||||
|
consumer.endConsumption(new MockHttpServletRequest());
|
||||||
|
}
|
||||||
|
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
@Test
|
@Test
|
||||||
|
|
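Review bot: `@Test(expected=OpenIDConsumerException.class)` on missingDiscoveryInformationThrowsException passes for an OpenIDConsumerException raised anywhere in endConsumption, so it does not pin the failure to the new guard. Catching the exception and checking its message, for example `assertTrue(e.getMessage().startsWith("DiscoveryInformation is not available"));`, would keep the test meaningful if other checks are later placed ahead of the guard. The test also covers only a request with no session at all. A second case, where the session exists and holds other attributes but no discovery information, would exercise the lost-entry path as well.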