rclone/lib
Nick Craig-Wood 349112df6b oauthutil: fix security problem when running with two users on the same machine
Before this change two users could run `rclone config` for the same
backend on the same machine at the same time.

User A would get as far as starting the web server.  User B would then
fail to start the webserver, but it would open the browser on the
/auth URL which would redirect the user to the login.  This would then
cause user B to authenticate to user A's rclone.

This change fixes the problem in two ways.

Firstly it passes the state to the /auth call before redirecting and
checks it there, erroring with a 403 error if it doesn't match.  This
would have fixed the problem on its own.

Secondly it delays the opening of the web browser until after the auth
webserver has started which prevents the user entering the credentials
if another auth server is running.

Fixes #3573
2019-09-29 10:42:02 +01:00
atexit build: fix up package paths after repo move 2019-07-28 18:47:38 +01:00
bucket lib/bucket: shorten locking window where possible 2019-08-22 23:06:59 +01:00
cache lib/cache,rc/jobs: make tests more reliable 2019-09-20 11:53:08 +01:00
dircache lib/dircache: add a way to dump the DirCache for debugging 2019-08-22 11:57:35 +01:00
encoder build: fix up package paths after repo move 2019-07-28 18:47:38 +01:00
env lib/env: Make env_test.go support Windows 2019-05-14 07:55:08 +01:00
errors build: fix up package paths after repo move 2019-07-28 18:47:38 +01:00
file lib/file: reimplement os.OpenFile allowing rename/delete open files under Windows 2019-01-11 10:26:34 +00:00
israce fs/asyncreader: skip some tests to work around race detector bug 2018-08-20 12:34:29 +01:00
jwtutil jwtutil: functionality to get an access token via JWT authentication 2019-09-20 17:15:16 +01:00
mmap lib/mmap: library to do memory allocation with anonymous memory maps 2019-02-02 14:35:56 +00:00
oauthutil oauthutil: fix security problem when running with two users on the same machine 2019-09-29 10:42:02 +01:00
pacer lib/pacer: make tests more reliable 2019-09-20 16:07:55 +01:00
pool build: fix up package paths after repo move 2019-07-28 18:47:38 +01:00
random Review random string/password generation 2019-08-25 11:09:19 +01:00
readers lib/readers: add NoCloser to stop upgrades from io.Reader to io.ReadCloser 2019-08-26 12:23:31 +01:00
rest rest: fix missing error check 2019-09-13 23:50:39 +01:00