fixed GHSA-868r-97g5-r9g4 - insufficient authentication for SSO users

warp-tech · Jul 7, 2023 · 8173f65 · 8173f65
1 parent 4fe4bfe
commit 8173f65
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/warpgate-protocol-http/src/api/sso_provider_list.rs b/warpgate-protocol-http/src/api/sso_provider_list.rs
@@ -193,6 +193,12 @@ impl Api {
         let mut state = state_arc.lock().await;
         let mut cp = services.config_provider.lock().await;
 
+        if state.username() != username {
+            return Ok(Err(format!(
+                "Incorrect account for SSO authentication ({username})"
+            )));
+        }
+
         if cp.validate_credential(&username, &cred).await? {
             state.add_valid_credential(cred);
         }