Skip to content

Commit

Permalink
Regenerate session after XING login to fix "session fixation" vulnera…
Browse files Browse the repository at this point in the history
…bility
  • Loading branch information
JanAhrens committed Nov 20, 2014
1 parent f7b478f commit e9f0d50
Showing 1 changed file with 51 additions and 45 deletions.
96 changes: 51 additions & 45 deletions app/controllers/oauth.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,52 +35,58 @@ module.exports = function (app, io) {

xingApi.getAccessToken(requestToken.token, requestToken.secret, req.query.oauth_verifier,
function (error, oauthToken, oauthTokenSecret) {
res.cookie('requestToken', null); // delete cookie

var client = xingApi.client(oauthToken, oauthTokenSecret);

client.get('/v1/users/me', function (error, response) {
var user = JSON.parse(response).users[0];

Wall.findOne({ _id: req.query.wall_id }).exec()
.then(function (wall) {

var profile = new Profile({
userId: user.id,
displayName: user.display_name,
photoUrls: {
size_128x128: user.photo_urls.size_128x128,
size_256x256: user.photo_urls.size_256x256
}
}).toObject();

delete profile._id; // make sure that we don't overwrite the internal _id on an update

Profile.findOneAndUpdate({ userId: user.id }, profile, { upsert: true }).exec()
.then(function (profile) {
wall.profiles.pull(profile._id);
wall.profiles.push(profile._id);

wall.save(function (err) {
if (err) {
console.error(err);
res.render('error');
} else {
req.session.user = {
id: profile._id,
oauthToken: oauthToken,
oauthTokenSecret: oauthTokenSecret
};

io.emit('profiles:updated');
res.render('oauth/callback', { url: "/walls/" + req.query.wall_id });
}
if (error) {
console.log(error);
res.render('error');
return;
}
req.session.regenerate(function (err) {
res.cookie('requestToken', null); // delete cookie

var client = xingApi.client(oauthToken, oauthTokenSecret);

client.get('/v1/users/me', function (error, response) {
var user = JSON.parse(response).users[0];

Wall.findOne({ _id: req.query.wall_id }).exec()
.then(function (wall) {

var profile = new Profile({
userId: user.id,
displayName: user.display_name,
photoUrls: {
size_128x128: user.photo_urls.size_128x128,
size_256x256: user.photo_urls.size_256x256
}
}).toObject();

delete profile._id; // make sure that we don't overwrite the internal _id on an update

Profile.findOneAndUpdate({ userId: user.id }, profile, { upsert: true }).exec()
.then(function (profile) {
wall.profiles.pull(profile._id);
wall.profiles.push(profile._id);

wall.save(function (err) {
if (err) {
console.error(err);
res.render('error');
} else {
req.session.user = {
id: profile._id,
oauthToken: oauthToken,
oauthTokenSecret: oauthTokenSecret
};

io.emit('profiles:updated');
res.render('oauth/callback', { url: "/walls/" + req.query.wall_id });
}
});
});
});

}, function (err) {
console.log(err);
});
}, function (err) {
console.log(err);
});
});
});
});
});
Expand Down

0 comments on commit e9f0d50

Please # to comment.