From ab0c30013b65996e95b9e33b514efd83d9a96b62 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Sat, 21 Nov 2020 15:31:13 +0100
Subject: [PATCH] Verify auth state before authenticating
---
 src/views/user/Login.vue | 4 ++--
 src/views/user/OpenIdAuth.vue | 7 +++++++
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/views/user/Login.vue b/src/views/user/Login.vue
index 49ecf4d18..98cc03a6f 100644
--- a/src/views/user/Login.vue
+++ b/src/views/user/Login.vue
@@ -6,7 +6,7 @@ You successfully confirmed your email! You can log in now. -
+
@@ -136,7 +136,7 @@ export default {
 errorMessage: ERROR_MESSAGE,
 needsTotpPasscode: state => state.auth.needsTotpPasscode,
 authenticated: state => state.auth.authenticated,
- localAuthEnabled: state => state.config.auth.enabled,
+ localAuthEnabled: state => state.config.auth.local.enabled,
 openidConnect: state => state.config.auth.openidConnect,
 }),
 methods: {
diff --git a/src/views/user/OpenIdAuth.vue b/src/views/user/OpenIdAuth.vue
index 4c359cd57..ebab542d4 100644
--- a/src/views/user/OpenIdAuth.vue
+++ b/src/views/user/OpenIdAuth.vue
@@ -38,6 +38,13 @@ export default { } localStorage.setItem('authenticating', true) + const state = localStorage.getItem('state') + if(typeof this.$route.query.state === 'undefined' || this.$route.query.state !== state) { + localStorage.removeItem('authenticating') + this.$store.commit(ERROR_MESSAGE, 'State does not match, refusing to continue!') + return + } + this.$store.commit(ERROR_MESSAGE, '') this.$store.dispatch('auth/openIdAuth', {
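Review bot: The new guard in OpenIdAuth.vue rejects only an `undefined` query value, but `localStorage.getItem('state')` returns `null` when nothing was stored, so a callback whose `state` parameter is parsed as `null` (vue-router appears to do this for a key without a value) would compare equal and pass the check. Requiring a non-empty stored string closes that gap: `if (!state || typeof this.$route.query.state !== 'string' || this.$route.query.state !== state) {`. The stored value is also never cleared in the visible lines; adding `localStorage.removeItem('state')` right after the `getItem` would make it single-use, unless the code after this hunk already does that. The enclosing method starts and ends outside the hunk.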