release 1.3.1: avoid crash if no session exists on redirect_uri access

may address #43; thanks @venkatmarepalli and @bungle

Signed-off-by: Hans Zandbelt <[email protected]>

.travis.yml

@@ -4,7 +4,7 @@ sudo: false
 
 env:
   global:
-    - VERSION=1.3.0-2
+    - VERSION=1.3.1-1
     - NAME=lua-resty-openidc
     - ROCKSPEC=$NAME-$VERSION.rockspec
     - LUAROCKS=2.3.0

ChangeLog

@@ -1,3 +1,7 @@
+03/27/2017
+- avoid crashes when no session is found upon callback to the redirect_uri; may address #43
+- release 1.3.1
+
 02/28/2017
 - add dist.ini for OpenResty OPM; should address #38
 

lib/resty/openidc.lua

@@ -57,7 +57,7 @@ local type    = type
 local ngx     = ngx
 
 local openidc = {
-  _VERSION = "1.3.0"
+  _VERSION = "1.3.1"
 }
 openidc.__index = openidc
 
@@ -556,6 +556,11 @@ function openidc.authenticate(opts, target_url)
   -- see if this is a request to the redirect_uri i.e. an authorization response
   local path = target_url:match("(.-)%?") or target_url
   if path == opts.redirect_uri_path then
+    if not session.present then
+      err = "request to the redirect_uri_path but there's no session state found"
+      ngx.log(ngx.ERR, err)
+      return nil, err, target_url
+    end
     return openidc_authorization_response(opts, session)
   end
 
@@ -565,7 +570,7 @@ function openidc.authenticate(opts, target_url)
   end
 
   -- if we have no id_token then redirect to the OP for authentication
-  if not session.data.id_token then
+  if not session.present or not session.data.id_token then
     return openidc_authorize(opts, session, target_url)
   end
 

lua-resty-openidc-1.3.0-2.rockspec → lua-resty-openidc-1.3.1-1.rockspec

@@ -1,8 +1,8 @@
 package = "lua-resty-openidc"
-version = "1.3.0-2"
+version = "1.3.1-1"
 source = {
     url = "git://github.com/pingidentity/lua-resty-openidc",
-    tag = "v1.3.0",
+    tag = "v1.3.1",
     dir = "lua-resty-openidc"
 }
 description = {