fix: added check for state

affinidi · Mar 14, 2024 · b18ef94 · b18ef94
1 parent 4621b13
commit b18ef94
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/includes/wp-affinidi-login-callback.php b/includes/wp-affinidi-login-callback.php
@@ -22,9 +22,9 @@
 // }
 
 // Authenticate Check and Redirect
-if (!isset($_GET['code']) && !isset($_GET['error_description'])) {
+if (!isset($_GET['code']) && !isset($_GET['error_description']) && !empty($_GET['state'])) {
 
-    // Grab a copy of the options and set the redirect location.
+    // Grab the state from the Auth URL and send to AL
     $state = $_GET['state'];
 
     // generate code verifier and challenge
@@ -51,6 +51,16 @@
     exit;
 }
 
+// Check for error 
+if (empty($_GET['state'])) {
+    // log error description on server side
+    $log_message = "Affinidi Login: State is empty".PHP_EOL;
+    error_log($log_message);
+    // redirect user with error code
+    wp_safe_redirect($user_redirect . "?message=affinidi_login_failed");
+    exit;
+}
+
 // retrieve state and get the transient info for redirect
 $state      = sanitize_text_field($_GET['state']);
 $redirect_to = get_transient("affinidi_user_redirect_to".$state);