lib/warden-github/strategy.rb in warden-github-0.7.0 vs lib/warden-github/strategy.rb in warden-github-0.8.0

- old
+ new

@@ -4,24 +4,30 @@ def params @params ||= Rack::Utils.parse_query(request.query_string) end def authenticate! - if params['code'] + if(params['code'] && params['state'] && + params['state'] == env['rack.session']['github_oauth_state']) begin api = api_for(params['code']) success!(Warden::Github::Oauth::User.new(Yajl.load(user_info_for(api.token)), api.token)) rescue OAuth2::Error %(<p>Outdated ?code=#{params['code']}:</p><p>#{$!}</p><p><a href="/auth/github">Retry</a></p>) end else + env['rack.session']['github_oauth_state'] = state env['rack.session']['return_to'] = env['REQUEST_URI'] throw(:warden, [ 302, {'Location' => authorize_url}, [ ]]) end end private + + def state + oauth_proxy.state + end def oauth_client oauth_proxy.client end
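Review bot: The new state check never consumes the stored value — after the comparison succeeds, `env['rack.session']['github_oauth_state']` is left in the session, so the same state is accepted again on every later callback for that session; read it out with `expected_state = env['rack.session'].delete('github_oauth_state')` before the `if` and compare `params['state'] == expected_state`. A callback whose state does not match now falls through to the `else` branch, which overwrites `return_to` with the callback URI itself and silently restarts the flow; an explicit `fail!(:invalid_state)` would make the mismatch visible, though whether a silent restart is intended cannot be told from the hunk. Unrelated to this change but on a visible context line, the `rescue OAuth2::Error` response interpolates `params['code']` and `$!` into HTML without escaping. Minor style: `if(params['code'] && ...` should read `if params['code'] && ...`, with a space after `if` and no wrapping parentheses around the condition.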