omniauth-oauth2 1.1.0 → 1.1.1


Potentially problematic release.



@@ -1,5 +1,5 @@
1
1
  module OmniAuth
2
2
  module OAuth2
3
- VERSION = "1.1.0"
3
+ VERSION = "1.1.1"
4
4
  end
5
5
  end
@@ -24,6 +24,7 @@ module OmniAuth
24
24
  option :authorize_options, [:scope]
25
25
  option :token_params, {}
26
26
  option :token_options, []
27
+ option :provider_ignores_state, false
27
28
 
28
29
  attr_accessor :access_token
29
30
 
@@ -48,9 +49,7 @@ module OmniAuth
48
49
  end
49
50
 
50
51
  def authorize_params
51
- if options.authorize_params[:state].to_s.empty?
52
- options.authorize_params[:state] = SecureRandom.hex(24)
53
- end
52
+ options.authorize_params[:state] = SecureRandom.hex(24)
54
53
  params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
55
54
  if OmniAuth.config.test_mode
56
55
  @env ||= {}
@@ -68,7 +67,7 @@ module OmniAuth
68
67
  if request.params['error'] || request.params['error_reason']
69
68
  raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
70
69
  end
71
- if request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state')
70
+ if !options.provider_ignores_state && (request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state'))
72
71
  raise CallbackError.new(nil, :csrf_detected)
73
72
  end
74
73
 
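Review bot: `provider_ignores_state` switches off the state comparison that raises `:csrf_detected` in the callback, and neither the new `option :provider_ignores_state, false` line nor the changed condition says so; the option line should carry a comment such as `# Skips the state (CSRF) check in the callback; enable only for providers that do not return the state parameter.` With the option set, the `&&` also short-circuits before `session.delete('omniauth.state')`, so whatever state value the session holds (presumably written during the request phase, which is only partly visible here) is never consumed. Reading it first, `expected_state = session.delete('omniauth.state')`, and comparing `request.params['state'] != expected_state` inside the condition would clear it on every callback. The enclosing callback method starts and ends outside the hunk, so whether a skipped check is logged or surfaced anywhere cannot be confirmed from this page.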
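--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: omniauth-oauth2
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-07-06 00:00:00.000000000 Z
+ date: 2012-09-18 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: omniauth
@@ -151,3 +151,4 @@ signing_key:
  specification_version: 3
  summary: An abstract OAuth2 strategy for OmniAuth.
  test_files: []
+ has_rdoc: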