auth

Paddy 2014-08-16 Parent:9a1e62c24903 Child:9fe684b33b3d

16:13568ac73ac3

auth/session.go

Note the potential for CSRF attacks. Our auth provider probably shouldn't have security vulnerabilities. Add TODOs to ensure that logging in and authorizing a grant are not susceptible to CSRF attacks, or it becomes pretty easy for an attacker to gain access to user data or to gain access to a user account.

History
paddy@6 1 package auth
paddy@1 2
paddy@1 3 import "net/http"
paddy@1 4
paddy@2 5 func validateSession(r *http.Request, c Context) error {
paddy@11 6 // TODO: return an error if the user does not have a valid session
paddy@1 7 return nil
paddy@1 8 }
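
Review bot: validateSession (file lines 5 to 8) returns nil unconditionally, so until the TODO is implemented any caller that relies on it treats every request as having a valid session. Fail closed instead: have the stub return a non-nil error, so that code wired up before the real check exists rejects requests rather than accepting them. The commit message also describes adding TODOs about CSRF on login and grant authorization, but none of the lines shown for this file mentions CSRF; if the session check is meant to be part of that defense, say so in the comment on line 6.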