diff --git a/app/Http/Controllers/RemoteOidcController.php b/app/Http/Controllers/RemoteOidcController.php
index eb94a38dc..e04fcfc9e 100644
--- a/app/Http/Controllers/RemoteOidcController.php
+++ b/app/Http/Controllers/RemoteOidcController.php
@@ -46,7 +46,7 @@ class RemoteOidcController extends Controller
 abort_unless($request->input("state"), 400);
 abort_unless($request->input("code"), 400);
- abort_unless($request->input("state") == $request->session()->pull('oauth2state'), 400, "invalid state");
+ abort_unless(hash_equals($request->session()->pull('oauth2state'), $request->input("state")), 400, "invalid state");
 $accessToken = $provider->getAccessToken('authorization_code', [
 'code' => $request->get('code')
@@ -66,7 +66,7 @@ class RemoteOidcController extends Controller
 $user = $this->createUser([
 'username' => $userInfoData[config('remote-auth.oidc.field_username')],
- 'name' => $userInfoData["name"] ?? $userInfoData["display_name"] ?? $userInfoData[config('remote-auth.oidc.field_username')],
+ 'name' => $userInfoData["name"] ?? $userInfoData["display_name"] ?? $userInfoData[config('remote-auth.oidc.field_username')] ?? null,
 'email' => $userInfoData["email"],
 ]);
diff --git a/database/migrations/2025_01_30_061434_create_user_oidc_mapping_table.php b/database/migrations/2025_01_30_061434_create_user_oidc_mapping_table.php
index d224584e0..0986d9aa9 100644
--- a/database/migrations/2025_01_30_061434_create_user_oidc_mapping_table.php
+++ b/database/migrations/2025_01_30_061434_create_user_oidc_mapping_table.php
@@ -12,9 +12,10 @@ return new class extends Migration
 public function up(): void
 {
 Schema::create('user_oidc_mappings', function (Blueprint $table) {
- $table->id();
- $table->unsignedInteger('user_id')->index();
+ $table->bigIncrements('id');
+ $table->bigInteger('user_id')->unsigned()->index();
 $table->string('oidc_id')->unique()->index();
+ $table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');
 $table->timestamps();
 });
 }
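Review bot: `hash_equals()` in the new state check throws a `TypeError` for any non-string argument, so a callback that reaches this line with no `oauth2state` left in the session (expired, or the flow was never started) — `pull()` then yields `null` — or with `state` submitted as an array now ends in a 500 rather than the intended 400, unless something upstream converts it. The two `abort_unless` lines above only test truthiness, so they do not rule out the array case. I would pull both values into locals and guard their types: `$expected = $request->session()->pull('oauth2state'); $state = $request->input('state');` followed by `abort_unless(is_string($expected) && is_string($state) && hash_equals($expected, $state), 400, 'invalid state');`. The enclosing controller method starts and ends outside the hunk.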
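Review bot: The `?? null` appended to the `name` fallback chain only silences the final lookup, while the neighbouring `username` and `email` entries still index `$userInfoData` directly, so a userinfo response missing the configured username claim or `email` emits an "Undefined array key" warning and hands `null` to `createUser()` anyway. I would resolve the claims that are required before building the array, e.g. `$username = $userInfoData[config('remote-auth.oidc.field_username')] ?? abort(400, 'missing username claim');`, and reuse `$username` as the last fallback for `name` instead of defaulting it to null. Whether `createUser()` accepts a null name cannot be seen from here; the enclosing method starts and ends outside the hunk.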
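Review bot: The new foreign key ties `user_oidc_mappings.user_id` to the exact column type of `users.id`; widening `user_id` to an unsigned bigint presumably matches a `bigIncrements`/`id()` users table, but if that table was created with `increments()` (unsigned int) the constraint will fail to create on MySQL, so the type should be checked against the users migration. The explicit `->index()` on `user_id` is also redundant on MySQL/InnoDB once the constraint exists, since an index is created for the foreign key; the two `user_id` lines collapse to `$table->foreignId('user_id')->constrained()->cascadeOnDelete();`. If this migration has already been run in any environment, editing it in place will not change existing tables and a new migration is needed instead.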