omniauth-oauth2 1.1.0 → 1.1.1


Potentially problematic release.


This version of omniauth-oauth2 might be problematic. Click here for more details.

@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.1.0"
3
+ VERSION = "1.1.1"
4
4
  end
5
5
  end
@@ -24,6 +24,7 @@ module OmniAuth
24
24
  option :authorize_options, [:scope]
25
25
  option :token_params, {}
26
26
  option :token_options, []
27
+ option :provider_ignores_state, false
27
28
 
28
29
  attr_accessor :access_token
29
30
 
@@ -48,9 +49,7 @@ module OmniAuth
48
49
  end
49
50
 
50
51
  def authorize_params
51
- if options.authorize_params[:state].to_s.empty?
52
- options.authorize_params[:state] = SecureRandom.hex(24)
53
- end
52
+ options.authorize_params[:state] = SecureRandom.hex(24)
54
53
  params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
55
54
  if OmniAuth.config.test_mode
56
55
  @env ||= {}
@@ -68,7 +67,7 @@ module OmniAuth
68
67
  if request.params['error'] || request.params['error_reason']
69
68
  raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
70
69
  end
71
- if request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state')
70
+ if !options.provider_ignores_state && (request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state'))
72
71
  raise CallbackError.new(nil, :csrf_detected)
73
72
  end
74
73
 
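Review bot: With `provider_ignores_state` set, the callback check short-circuits before `session.delete('omniauth.state')`, so the CSRF state check is skipped entirely and any stored state value is left in the session. I would consume the stored state unconditionally, `expected_state = session.delete('omniauth.state')` on the line before the `if`, and compare `request.params['state']` against `expected_state` only when the option is false. The declaration `option :provider_ignores_state, false` in the earlier hunk has no comment; something like `# Skips the state (CSRF) check in the callback; enable only for a provider that does not return state` would tell integrators what protection they give up. The enclosing method begins and ends outside the hunk.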
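--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-oauth2
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-07-06 00:00:00.000000000 Z
+ date: 2012-09-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth
@@ -151,3 +151,4 @@ signing_key:
  specification_version: 3
  summary: An abstract OAuth2 strategy for OmniAuth.
  test_files: []
+ has_rdoc: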