[JENKINS-36706] Handle session timeout better

jenkinsci · Feb 4, 2017 · 3d999a0 · 3d999a0
1 parent bd9d822
commit 3d999a0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java b/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java
@@ -42,6 +42,7 @@
 import hudson.Extension;
 import hudson.Util;
 import hudson.model.Descriptor;
+import hudson.model.Failure;
 import hudson.model.User;
 import hudson.security.SecurityRealm;
 import hudson.util.HttpResponses;
@@ -243,7 +244,11 @@ private String buildOAuthRedirectUrl() {
      * This is where the user comes back to at the end of the OpenID redirect ping-pong.
      */
     public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
-        return OAuthSession.getCurrent().doFinishLogin(request);
+        if (OAuthSession.getCurrent() != null) {
+            return OAuthSession.getCurrent().doFinishLogin(request);
+        } else {
+            return new Failure("Your Jenkins session has expired. Please login again.");
+        }
     }
 
     @Extension

diff --git a/src/main/java/org/jenkinsci/plugins/googlelogin/OAuthSession.java b/src/main/java/org/jenkinsci/plugins/googlelogin/OAuthSession.java
@@ -84,6 +84,10 @@ public HttpResponse doCommenceLogin() throws IOException {
      * When the identity provider is done with its thing, the user comes back here.
      */
     public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
+        if (request.getParameter("state") == null) {
+            // user was not sent here by Google
+            return HttpResponses.redirectToContextRoot();
+        }
         StringBuffer buf = request.getRequestURL();
         if (request.getQueryString() != null) {
             buf.append('?').append(request.getQueryString());