This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new cd78abb  Switch to using 32 bytes for CSRF
cd78abb is described below

commit cd78abb31072dde90b4dfed4f024347d4e2466b4
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Mon Sep 23 11:06:29 2019 +0100

    Switch to using 32 bytes for CSRF
---
 .../oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
index 79e078a..f33856c 100644
--- a/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
+++ b/services/oidc/src/main/java/org/apache/cxf/fediz/service/oidc/CSRFUtils.java
@@ -41,7 +41,7 @@ public final class CSRFUtils {
 
             // If no existing token then create a new one, save it, and return it
             if (create) {
-                String token = StringUtils.toHexString(CryptoUtils.generateSecureRandomBytes(16));
+                String token = StringUtils.toHexString(CryptoUtils.generateSecureRandomBytes(32));
                 request.getSession().setAttribute(CSRF_TOKEN, token);
                 return token;
             }
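Review bot: The token length on the added line is a bare literal `32` inside the `generateSecureRandomBytes` call, so the intended strength (32 random bytes, 256 bits, presumably 64 hex characters after `toHexString`) is not recorded where a later maintainer will see it. I would lift it into a named constant, e.g. `private static final int CSRF_TOKEN_BYTES = 32; // 256 bits of randomness`, and call `CryptoUtils.generateSecureRandomBytes(CSRF_TOKEN_BYTES)`. Going by the comment above the `if (create)` branch, a session that already holds a token keeps it, so 16-byte tokens issued before this change would stay valid until their sessions end. The enclosing method starts and ends outside the hunk, so the lookup of the existing token and the comparison with the submitted value are not visible here. If that comparison uses `String.equals`, a constant-time check such as `MessageDigest.isEqual` on the encoded bytes is worth considering.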
