From 61eb99560c468549ba3b4c26986d2cb037100c8b Mon Sep 17 00:00:00 2001
From: Daniela Baron
Date: Sat, 21 May 2016 14:35:56 -0400
Subject: [PATCH] #19 make use of state parameter
---
 src/modules/oauth-github.js | 5 +++--
 src/resources/oauth/github.js | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/modules/oauth-github.js b/src/modules/oauth-github.js
index 225057e..8bd768b 100644
--- a/src/modules/oauth-github.js
+++ b/src/modules/oauth-github.js
@@ -18,7 +18,7 @@ class OauthGithub extends Module {
 this.requestPromise = requestPromise;
 }
- login(sessionCode, clientId, clientSecret) {
+ login(sessionCode, state, clientId, clientSecret) {
 let options = {
 method: 'POST',
 uri: 'https://github.com/login/oauth/access_token',
@@ -26,7 +26,8 @@ class OauthGithub extends Module {
 body: {
 'client_id': clientId,
 'client_secret': clientSecret,
- 'code': sessionCode
+ 'code': sessionCode,
+ 'state': state
 }
 };
 return new Promise((resolve, reject) => {
diff --git a/src/resources/oauth/github.js b/src/resources/oauth/github.js
index 75a7d25..0a83603 100644
--- a/src/resources/oauth/github.js
+++ b/src/resources/oauth/github.js
@@ -12,8 +12,8 @@ class GithubResource extends Resource {
 }
 getAll(ctx) {
- // TODO should also include "state"
 let sessionCode = ctx.query.code;
+ let state = ctx.query.state;
 let clientId = this.params.get('github oauth client id');
 let clientSecret = this.params.get('github oauth client secret');
@@ -26,7 +26,7 @@ class GithubResource extends Resource {
 scope: "user:email"
 }
 */
- return this.oauthGithub.login(sessionCode, clientId, clientSecret)
+ return this.oauthGithub.login(sessionCode, state, clientId, clientSecret)
 .then((response) => {
 this.log.debug(`Received user access token with scope: ${response.scope}`);
 // TODO: Store response.access_token in session
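Review bot: In `src/modules/oauth-github.js`, `login` takes the new `state` argument in second position, which shifts `clientId` and `clientSecret` for every existing caller; a call site still using the three-argument form would send the client id as `state` and the client secret as `client_id`. Only the call in `src/resources/oauth/github.js` is updated by this patch, so any other callers or tests (not visible here) need checking. Appending the argument instead, `login(sessionCode, clientId, clientSecret, state)`, keeps old calls correct and leaves the `'state': state` line in the body hunk unchanged. The method also lacks a doc comment; I would add one stating that `state` is only forwarded to the token endpoint and is not verified inside `login`. The class body starts and ends outside both hunks of this file.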
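Review bot: In `getAll`, `ctx.query.state` is read from the callback request and forwarded as-is, but nothing compares it with the value this application issued when it sent the user to GitHub, so the parameter does not yet provide the login-CSRF protection it exists for. Whoever triggers the callback controls both `code` and `state`, so the comparison has to happen here, before the `login` call in the following hunk: `if (typeof state !== 'string' || state !== expectedState) { /* reject the callback */ }`, where `expectedState` is a placeholder for the unguessable, single-use value stored server-side for this session before the redirect (that storage is not visible in this patch). The removed TODO suggests the work is considered done, so I would keep a comment such as `// state is forwarded only; it must be checked against the session value first` until the check exists. `getAll` continues past the end of both hunks in this file.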