Commit Graph

4 Commits (ac1994208341bbd1a656ca0c0210807210f871eb)

Author SHA1 Message Date
Daniel Supernault 374344754e Lint 2 months ago
Daniel Supernault 26887c7672
Update OIDC config with comments, and disable tests as we don't have db tests configured 10 months ago
Gavin Mogan 70584b47c5 Fixes for items highlighted by review.ai
* Consider using `hash_equals()` instead of `==` when comparing the state values to prevent timing attacks: `abort_unless(hash_equals($request->input('state'), $request->session()->pull('oauth2state')), 400, 'invalid state');`
* For better data integrity, consider adding a foreign key constraint to the user_id column: `$table->foreign('user_id')->references('id')->on('users')->onDelete('cascade');`
* Does the OIDC provider guarantee that the username field exists in the userInfo data? Consider adding a null check or fallback: `$userInfoData[config('remote-auth.oidc.field_username')] ?? null`
10 months ago
Gavin Mogan 441c8e0d4c Generic OIDC Support
* Everything should be configurable by env variables
* Basic request tests
10 months ago