HTML instead of URI encoding for unauthorized body
SiCoe committed Sep 25, 2023
1 parent 8455c15 commit c5fc6c4
Showing 4 changed files with 470 additions and 94 deletions.
8 changes: 5 additions & 3 deletions authn/openid.index.js
@@ -7,6 +7,8 @@ const auth = require('./auth.js');
const nonce = require('./nonce.js');
const axios = require('axios');
const url = require('url');
const entities = require('entities');

var discoveryDocument;
var jwks;
var config;
@@ -335,9 +337,9 @@ function unauthorized(error, error_description, error_uri, callback) {
</html>
`;

page = page.replace(/%error%/g, encodeURI(error).replace(/%20/g,' '));
page = page.replace(/%error_description%/g, encodeURI(error_description).replace(/%20/g,' '));
page = page.replace(/%error_uri%/g, encodeURI(error_uri));
page = page.replace(/%error%/g, entities.encodeHTML(error));
page = page.replace(/%error_description%/g, entities.encodeHTML(error_description));
page = page.replace(/%error_uri%/g, entities.encodeHTML(error_uri));

// Unauthorized access attempt. Reset token and nonce cookies
const response = {
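Review bot: HTML-encoding `error_uri` in `unauthorized()` prevents markup injection but does not restrict the URI scheme, so if the template (outside this hunk) places `%error_uri%` in an `href`, a non-http(s) value would still be rendered as a live link. The value presumably comes from the identity provider's error response or the request query, so it should be checked before substitution, e.g. `const safeUri = /^https?:\/\//i.test(error_uri) ? error_uri : '';` and then `entities.encodeHTML(safeUri)`. The same three lines are added in authn/pkce.index.js and need the same check. The body of `unauthorized()` starts and ends outside the hunk, so the placeholder's actual context should be confirmed there.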
8 changes: 5 additions & 3 deletions authn/pkce.index.js
@@ -8,6 +8,8 @@ const codeChallenge = require('./code-challenge.js');
const cfg = require('./config.js');
const axios = require('axios');
const url = require('url');
const entities = require('entities');

var discoveryDocument;
var jwks;
var config;
@@ -362,9 +364,9 @@ function unauthorized(error, error_description, error_uri, callback) {
</html>
`;

page = page.replace(/%error%/g, encodeURI(error).replace(/%20/g,' '));
page = page.replace(/%error_description%/g, encodeURI(error_description).replace(/%20/g,' '));
page = page.replace(/%error_uri%/g, encodeURI(error_uri));
page = page.replace(/%error%/g, entities.encodeHTML(error));
page = page.replace(/%error_description%/g, entities.encodeHTML(error_description));
page = page.replace(/%error_uri%/g, entities.encodeHTML(error_uri));

// Unauthorized access attempt. Reset token and nonce cookies
const response = {
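Review bot: The three new `entities.encodeHTML(...)` calls in `unauthorized()` will likely throw a TypeError when an argument is `undefined` or `null`, because `entities.encodeHTML()` expects a string, whereas the `encodeURI()` it replaces coerces its argument. `error_description` and `error_uri` are optional in OAuth/OIDC error responses and the callers are outside this hunk, so either confirm every call site passes strings or normalise at the call, e.g. `entities.encodeHTML(String(error_description || ''))`. An exception here would replace the intended unauthorized response, and the cookie reset that follows it, with an unhandled error. authn/openid.index.js adds the same three lines and has the same exposure.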