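--- a/lib/warden-github/strategy.rb
+++ b/lib/warden-github/strategy.rb
@@ -4,24 +4,30 @@
 def params
 @params ||= Rack::Utils.parse_query(request.query_string)
 end
 def authenticate!
-if params['code']
+if(params['code'] && params['state'] &&
+params['state'] == env['rack.session']['github_oauth_state'])
 begin
 api = api_for(params['code'])
 success!(Warden::Github::Oauth::User.new(Yajl.load(user_info_for(api.token)), api.token))
 rescue OAuth2::Error
 %(<p>Outdated ?code=#{params['code']}:</p><p>#{$!}</p><p><a href="/auth/github">Retry</a></p>)
 end
 else
+env['rack.session']['github_oauth_state'] = state
 env['rack.session']['return_to'] = env['REQUEST_URI']
 throw(:warden, [ 302, {'Location' => authorize_url}, [ ]])
 end
 end
 private
+
+def state
+oauth_proxy.state
+end
 def oauth_client
 oauth_proxy.client
 end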
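Review bot: The state check at the top of `authenticate!` never invalidates `github_oauth_state` after a successful match, so the same `?code=…&state=…` callback remains acceptable for the life of the session; consume the value before the `if` with `expected = env['rack.session'].delete('github_oauth_state')` and compare `params['state']` against `expected` (the `else` branch already writes a fresh value on the next round, so nothing else changes). The comparison is also a plain `==`; where the Rack in use provides `Rack::Utils.secure_compare`, use it so the check does not leak timing on the state value. A mismatched state currently falls through to the `else` branch and starts a new authorization round indistinguishable from a first visit — consider logging the mismatch, since that is the signal a forged redirect to the callback would produce. Stylistically, `if(params['code'] && params['state'] &&` should read `if params['code'] && params['state'] &&`, with a space and no parentheses, matching the rest of the file.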