diff --git a/internal/utils/utils.go b/internal/utils/utils.go
index a6e7cd17..8954a0a1 100644
--- a/internal/utils/utils.go
+++ b/internal/utils/utils.go
@@ -43,11 +43,20 @@ func GetIPFromRequest(r *http.Request) net.IP {
 }
 func GenerateRandomHex(n uint32) (string, error) {
- b := make([]byte, n)
- _, err := rand.Read(b)
+ b, err := GenerateRandom(n)
 if err != nil {
 return "", err
 }
 return hex.EncodeToString(b), nil
 }
+
+func GenerateRandom(n uint32) ([]byte, error) {
+ b := make([]byte, n)
+ _, err := rand.Read(b)
+ if err != nil {
+ return b, err
+ }
+
+ return b, nil
+}
diff --git a/internal/webserver/authenticators/oidc.go b/internal/webserver/authenticators/oidc.go
index 870ee76e..634ea02e 100644
--- a/internal/webserver/authenticators/oidc.go
+++ b/internal/webserver/authenticators/oidc.go
@@ -39,17 +39,22 @@ func (o *Oidc) LogoutPath() string {
 func (o *Oidc) Init() error {
- key, err := utils.GenerateRandomHex(32)
+ key, err := utils.GenerateRandom(32)
 if err != nil {
 return errors.New("failed to get random key: " + err.Error())
 }
+ hashkey, err := utils.GenerateRandom(32)
+ if err != nil {
+ return errors.New("failed to get random hash key: " + err.Error())
+ }
+
 o.details, err = data.GetOidc()
 if err != nil {
 return err
 }
- cookieHandler := httphelper.NewCookieHandler([]byte(key), []byte(key), httphelper.WithUnsecure())
+ cookieHandler := httphelper.NewCookieHandler([]byte(hashkey), []byte(key), httphelper.WithUnsecure())
 options := []rp.Option{
 rp.WithCookieHandler(cookieHandler),
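Review bot: On the error path of the new `GenerateRandom`, `return b, err` hands back the freshly allocated buffer, which is still all zeros or only partly filled, so a caller that drops the error would end up with a predictable key; `return nil, err` makes that misuse fail loudly instead. The function is exported and now supplies the OIDC cookie keys, so it deserves a doc comment such as `// GenerateRandom returns n bytes read from rand; the slice is nil when err is non-nil.` The import block is outside this hunk, so confirm that `rand` here is `crypto/rand` and not `math/rand`.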
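Review bot: The rebuilt `NewCookieHandler` call in `Init` still passes `httphelper.WithUnsecure()`, which by its name lets the handler issue its cookies without the Secure attribute, so the signed and encrypted OIDC state cookies may travel over plain HTTP. If the web server is normally reached over TLS, apply the option only for the non-TLS case and otherwise use `httphelper.NewCookieHandler(hashkey, key)`. `GenerateRandom` already returns `[]byte`, so the `[]byte(hashkey)` and `[]byte(key)` conversions are no-ops and can be dropped. Both keys are regenerated on each `Init`, which presumably breaks a login that is in flight across a restart or lands on another instance; a short comment saying this is intended would help. `Init` continues past the end of the hunk.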