warden-github 0.7.0 → 0.8.0

data/lib/warden-github/proxy.rb

@@ -28,8 +28,13 @@ module Warden
           client.auth_code.get_token(code, :redirect_uri => callback_url)
         end
 
+        def state
+          @state ||= Digest::SHA1.hexdigest(rand(36**8).to_s(36))
+        end
+
         def authorize_url
           client.auth_code.authorize_url(
+            :state        => state,
             :scope        => scopes,
             :redirect_uri => callback_url
           )

data/lib/warden-github/strategy.rb

@@ -6,7 +6,8 @@ Warden::Strategies.add(:github) do
   end
 
   def authenticate!
-    if params['code']
+    if(params['code'] && params['state'] &&
+       params['state'] == env['rack.session']['github_oauth_state'])
       begin
         api = api_for(params['code'])
 
@@ -15,6 +16,7 @@ Warden::Strategies.add(:github) do
         %(<p>Outdated ?code=#{params['code']}:</p><p>#{$!}</p><p><a href="/auth/github">Retry</a></p>)
       end
     else
+      env['rack.session']['github_oauth_state'] = state
       env['rack.session']['return_to'] = env['REQUEST_URI']
       throw(:warden, [ 302, {'Location' => authorize_url}, [ ]])
     end
@@ -22,6 +24,10 @@ Warden::Strategies.add(:github) do
 
   private
 
+  def state
+    oauth_proxy.state
+  end
+
   def oauth_client
     oauth_proxy.client
   end

data/lib/warden-github/version.rb

@@ -1,5 +1,5 @@
 module Warden
   module Github
-    VERSION = "0.7.0"
+    VERSION = "0.8.0"
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: warden-github
 version: !ruby/object:Gem::Version 
-  hash: 3
+  hash: 63
   prerelease: 
   segments: 
   - 0
-  - 7
+  - 8
   - 0
-  version: 0.7.0
+  version: 0.8.0
 platform: ruby
 authors: 
 - Corey Donohoe
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-06-12 00:00:00 -07:00
+date: 2012-07-04 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency