[Add] csrf 테스트 추가
parent
e868cbec67
commit
366f90e5a8
6 changed files with 0 additions and 0 deletions
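--- a/playground/pkce/src/PKCEDowngradeExpress.js
+++ b/playground/pkce/src/PKCEDowngradeExpress.js
@@ -0,0 +1,31 @@
+const express = require("express");
+const app = express();
+
+app.get("/auth", (req, res) => {
+const {
+client_id,
+response_type,
+code_challenge,
+code_challenge_method,
+scope
+} = req.query;
+
+console.log("Incoming request:", req.query);
+
+if (!client_id || response_type !== "code") {
+return res.status(400).send("Missing required parameters");
+}
+
+// Simulate issuing an authorization code
+const code = "dummy-auth-code";
+
+// Simulate PKCE check (normally you'd validate here)
+// We deliberately allow the downgrade here to simulate the vulnerability
+const responseBody = `Authorization successful. code=${code}`;
+return res.status(200).send(responseBody);
+});
+
+const PORT = 5050;
+app.listen(PORT, () => {
+console.log(`Test PKCE server running on http://localhost:${PORT}`);
+});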
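Review bot: The `app.listen(PORT, () => {` call at the end of the file passes no host, so Node binds this deliberately permissive authorization endpoint on every interface even though the log line says localhost; for a vulnerable-by-design fixture I would pin it to loopback with `app.listen(PORT, "127.0.0.1", () => {`. In the `/auth` handler, `code_challenge`, `code_challenge_method` and `scope` are destructured but never read, so the response is identical with or without PKCE parameters and a test cannot distinguish an accepted downgrade from a server that never looks at PKCE; including something like `pkce=${code_challenge ? "present" : "absent"}` in the response body would make the simulated condition observable. A one-line header comment such as `// Test fixture: intentionally skips PKCE validation; local use only.` would also stop the file from being mistaken for a reference implementation. The commit title mentions a CSRF test while this file is about PKCE downgrade, which is worth reconciling in the message.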