From 145e7b418216ae6cab624dad18184e9bc84609ce Mon Sep 17 00:00:00 2001 From: Ryan Date: Mon, 17 Jul 2023 16:40:33 +0100 Subject: [PATCH] One Login url calls random uuid --- .../gapuserservice/service/OneLoginService.java | 16 ++++++---------- .../gapuserservice/web/LoginControllerV2.java | 2 -- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/src/main/java/gov/cabinetofice/gapuserservice/service/OneLoginService.java b/src/main/java/gov/cabinetofice/gapuserservice/service/OneLoginService.java index 248d5b46..679d174f 100644 --- a/src/main/java/gov/cabinetofice/gapuserservice/service/OneLoginService.java +++ b/src/main/java/gov/cabinetofice/gapuserservice/service/OneLoginService.java @@ -42,10 +42,6 @@ public class OneLoginService { @Value("${onelogin.private-key}") public String privateKey; - private String nonce; - - private String state; - private static final String SCOPE = "openid email"; private static final String VTR = "[\"Cl.Cm\"]"; @@ -153,13 +149,13 @@ public Optional getUser(final String email, final String sub) { } public String generateNonce() { - nonce = UUID.randomUUID().toString(); - return nonce; + return UUID.randomUUID().toString(); + } public String generateState() { - state = UUID.randomUUID().toString(); - return state; + return UUID.randomUUID().toString(); + } public String getOneLoginAuthorizeUrl() { @@ -168,9 +164,9 @@ public String getOneLoginAuthorizeUrl() { "/authorize?response_type=code" + "&scope=" + SCOPE + "&client_id=" + clientId + - "&state=" + nonce + + "&state=" + generateState() + "&redirect_uri=" + serviceRedirectUrl + - "&nonce=" + state + + "&nonce=" + generateNonce() + "&vtr=" + VTR + "&ui_locales=" + UI; } diff --git a/src/main/java/gov/cabinetofice/gapuserservice/web/LoginControllerV2.java b/src/main/java/gov/cabinetofice/gapuserservice/web/LoginControllerV2.java index 02bec79b..e0199390 100644 --- a/src/main/java/gov/cabinetofice/gapuserservice/web/LoginControllerV2.java 
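Review bot: The two blank `+` lines added in `generateNonce()` and `generateState()` leave an empty line before each closing brace; dropping them leaves each body as the single `return UUID.randomUUID().toString();`. With the `nonce` and `state` fields removed, neither method records what it issued. A short Javadoc on each would make that contract explicit, for example `/** Returns a fresh random value; the caller must keep it to compare against the callback. */`.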
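Review bot: In `getOneLoginAuthorizeUrl()` the results of `generateState()` and `generateNonce()` are concatenated into the URL and then discarded, so nothing visible here can later compare the `state` returned on the callback, or the `nonce` claim in the ID token, with what was sent. Without that comparison the two parameters give no protection against login CSRF or ID-token replay, and the LoginControllerV2 hunk removes the only other calls while leaving the TODO about where to set and evaluate them. Consider passing the values in, `public String getOneLoginAuthorizeUrl(final String state, final String nonce)`, so the caller generates them, binds them to the user's session or an HttpOnly, Secure cookie before redirecting, and checks them when the callback is handled. The start of the method's return expression lies outside this hunk and the callback handling is not shown, so the last point is inferred from the TODO.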
+++ b/src/main/java/gov/cabinetofice/gapuserservice/web/LoginControllerV2.java @@ -68,8 +68,6 @@ public RedirectView login(final @RequestParam Optional redirectUrl, response.addCookie(redirectUrlCookie); // TODO : Decide on where to set and evaluate nonce and state - final String nonce = oneLoginService.generateNonce(); - final String state = oneLoginService.generateState(); return new RedirectView(NOTICE_PAGE_VIEW); }