Security fix: redirection in google_api/authorizations_controller

author: Shinya Maeda <shinya@gitlab.com> 2017-10-06 21:28:40 +0900
committer: Shinya Maeda <shinya@gitlab.com> 2017-10-06 21:28:40 +0900
commit: f293288589f24e1928b57dcd3428b762ae9ced79 (patch)
tree: d54b6425ac0fe596e27d3cbe291e08f28b10267b /lib/google_api
parent: 5ced761ebdcb0579377e338c2e321e4ba0373336 (diff)
download: gitlab-ce-f293288589f24e1928b57dcd3428b762ae9ced79.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/google_api/cloud_platform/client.rb b/lib/google_api/cloud_platform/client.rb
index 5ec1fa37546..6d0c148b261 100644
--- a/lib/google_api/cloud_platform/client.rb
+++ b/lib/google_api/cloud_platform/client.rb
@@ -15,6 +15,11 @@ module GoogleApi
         def session_key_for_expires_at
           :cloud_platform_expires_at
         end
+
+        def session_key_for_second_redirect_uri(secure: nil)
+          secure = SecureRandom.hex unless secure
+          return "cloud_platform_second_redirect_uri_#{secure}", secure
+        end
       end
 
       def scope
author	Shinya Maeda <shinya@gitlab.com>	2017-10-06 21:28:40 +0900
committer	Shinya Maeda <shinya@gitlab.com>	2017-10-06 21:28:40 +0900
commit	f293288589f24e1928b57dcd3428b762ae9ced79 (patch)
tree	d54b6425ac0fe596e27d3cbe291e08f28b10267b /lib/google_api
parent	5ced761ebdcb0579377e338c2e321e4ba0373336 (diff)
download	gitlab-ce-f293288589f24e1928b57dcd3428b762ae9ced79.tar.gz