From d9c7cd65643f65722fa00736aeb662a86046d689 Mon Sep 17 00:00:00 2001
From: James Elliott
Date: Fri, 17 Jun 2022 22:25:14 +1000
Subject: [PATCH] fix(model): potential panic (#3538)

This fixes a potential panic in the conversion from a fosite.Requester to an *OAuth2Session object.
---
 internal/handlers/handler_oidc_token.go |  2 ++
 internal/model/oidc.go                  | 23 +++++++++++++----------
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/internal/handlers/handler_oidc_token.go b/internal/handlers/handler_oidc_token.go
index bda2205ae..d8efdae23 100644
--- a/internal/handlers/handler_oidc_token.go
+++ b/internal/handlers/handler_oidc_token.go
@@ -44,6 +44,8 @@ func OpenIDConnectTokenPOST(ctx *middlewares.AutheliaCtx, rw http.ResponseWriter
 		}
 	}
 
+	ctx.Logger.Tracef("Access Request with id '%s' on client with id '%s' response is being generated for session with type '%T'", requester.GetID(), client.GetID(), requester.GetSession())
+
 	if responder, err = ctx.Providers.OpenIDConnect.Fosite.NewAccessResponse(ctx, requester); err != nil {
 		rfc := fosite.ErrorToRFC6749Error(err)
 
diff --git a/internal/model/oidc.go b/internal/model/oidc.go
index d20b4cc8e..845790e5d 100644
--- a/internal/model/oidc.go
+++ b/internal/model/oidc.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/sha256"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"net/url"
 	"time"
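Review bot: The added trace line in OpenIDConnectTokenPOST quotes the identifiers with `'%s'`; `%q` would make an empty ID visible and escape control characters, so a newline inside an ID cannot forge a second log record. The one-line change is `ctx.Logger.Tracef("Access Request with id %q on client with id %q response is being generated for session with type '%T'", requester.GetID(), client.GetID(), requester.GetSession())`. Whether either ID can carry untrusted bytes depends on how `requester` and `client` are built above the hunk, which is not visible here. OpenIDConnectTokenPOST both starts and ends outside the hunk.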
@@ -40,23 +39,27 @@ func NewOAuth2ConsentSession(subject NullUUID, r fosite.Requester) (consent *OAu
 func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session *OAuth2Session, err error) {
 	var (
 		subject       string
-		openidSession *OpenIDSession
-		sessData      []byte
+		sessionOpenID *OpenIDSession
+		sessionData   []byte
 	)
 
-	openidSession = r.GetSession().(*OpenIDSession)
-	if openidSession == nil {
-		return nil, errors.New("unexpected session type")
+	s := r.GetSession()
+
+	switch t := s.(type) {
+	case *OpenIDSession:
+		sessionOpenID = t
+	default:
+		return nil, fmt.Errorf("can't convert type '%T' to an *OAuth2Session", s)
 	}
 
-	subject = openidSession.GetSubject()
+	subject = sessionOpenID.GetSubject()
 
-	if sessData, err = json.Marshal(openidSession); err != nil {
+	if sessionData, err = json.Marshal(sessionOpenID); err != nil {
 		return nil, err
 	}
 
 	return &OAuth2Session{
-		ChallengeID: openidSession.ChallengeID,
+		ChallengeID: sessionOpenID.ChallengeID,
 		RequestID:   r.GetID(),
 		ClientID:    r.GetClient().GetID(),
 		Signature:   signature,
@@ -69,7 +72,7 @@ func NewOAuth2SessionFromRequest(signature string, r fosite.Requester) (session 
 		Active:      true,
 		Revoked:     false,
 		Form:        r.GetRequestForm().Encode(),
-		Session:     sessData,
+		Session:     sessionData,
 	}, nil
 }
 
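Review bot: The type switch in NewOAuth2SessionFromRequest drops the nil check the removed code had: a typed nil `(*OpenIDSession)(nil)` stored in the requester matches `case *OpenIDSession` with `t == nil`, and `sessionOpenID.ChallengeID` in the return literal then dereferences a nil pointer, so the panic this commit sets out to remove is still reachable by that route (an untyped nil session correctly falls through to `default`). Guard the case with `if t == nil { return nil, fmt.Errorf("session of type '%T' is nil", s) }` before `sessionOpenID = t`. Separately, the default branch reports that the value can't be converted to an *OAuth2Session, but what failed is the assertion to *OpenIDSession; `can't convert type '%T' to an *OpenIDSession` keeps the logged reason accurate. The function's closing lines are in the following hunk.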