warden-github 0.7.0 → 0.8.0
- data/lib/warden-github/proxy.rb +5 -0
- data/lib/warden-github/strategy.rb +7 -1
- data/lib/warden-github/version.rb +1 -1
- metadata +4 -4
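--- a/data/lib/warden-github/proxy.rb
+++ b/data/lib/warden-github/proxy.rb
@@ -28,8 +28,13 @@ module Warden
 client.auth_code.get_token(code, :redirect_uri => callback_url)
 end
 
+def state
+@state ||= Digest::SHA1.hexdigest(rand(36**8).to_s(36))
+end
+
 def authorize_url
 client.auth_code.authorize_url(
+:state => state,
 :scope => scopes,
 :redirect_uri => callback_url
 )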
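Review bot: The new `state` method derives the OAuth `state` value from `rand(36**8)`, which is Ruby's non-cryptographic PRNG and gives at most about 41 bits; hashing the result with SHA1 makes the string longer but adds no unpredictability. Because this value is the anti-CSRF token checked on the callback, it should come from a CSPRNG instead: `@state ||= SecureRandom.hex(20)`, with `require 'securerandom'` at the top of the file. The hunk does not show a `require 'digest/sha1'` either, so if the current form is kept, confirm `Digest::SHA1` is loaded in this file. The enclosing class begins and ends outside the hunk.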
@@ -6,7 +6,8 @@ Warden::Strategies.add(:github) do
|
|
6
6
|
end
|
7
7
|
|
8
8
|
def authenticate!
|
9
|
-
if
|
9
|
+
if(params['code'] && params['state'] &&
|
10
|
+
params['state'] == env['rack.session']['github_oauth_state'])
|
10
11
|
begin
|
11
12
|
api = api_for(params['code'])
|
12
13
|
|
@@ -15,6 +16,7 @@ Warden::Strategies.add(:github) do
|
|
15
16
|
%(<p>Outdated ?code=#{params['code']}:</p><p>#{$!}</p><p><a href="/auth/github">Retry</a></p>)
|
16
17
|
end
|
17
18
|
else
|
19
|
+
env['rack.session']['github_oauth_state'] = state
|
18
20
|
env['rack.session']['return_to'] = env['REQUEST_URI']
|
19
21
|
throw(:warden, [ 302, {'Location' => authorize_url}, [ ]])
|
20
22
|
end
|
@@ -22,6 +24,10 @@ Warden::Strategies.add(:github) do
|
|
22
24
|
|
23
25
|
private
|
24
26
|
|
27
|
+
def state
|
28
|
+
oauth_proxy.state
|
29
|
+
end
|
30
|
+
|
25
31
|
def oauth_client
|
26
32
|
oauth_proxy.client
|
27
33
|
end
|
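Review bot: The state check in `authenticate!` reads `env['rack.session']['github_oauth_state']` but the visible lines never remove it after a successful match, so the same value stays acceptable for later callbacks in that session; consuming it first, e.g. `expected = env['rack.session'].delete('github_oauth_state')`, makes it single-use (new lines 14–15 fall between the hunks, so confirm it is not already cleared there). Token checks like this are usually done with a constant-time comparison such as `Rack::Utils.secure_compare(params['state'], expected)` rather than `==`. Separately, the unchanged error body at new line 17 interpolates `params['code']` and `$!` into HTML without escaping; wrapping both in `Rack::Utils.escape_html(...)` would stop request-supplied markup from being reflected into the page.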
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warden-github
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 63
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
-
|
8
|
+
- 8
|
9
9
|
- 0
|
10
|
-
version: 0.
|
10
|
+
version: 0.8.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Corey Donohoe
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-
|
18
|
+
date: 2012-07-04 00:00:00 -07:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|