oauth2 state
sahat committed Jan 5, 2015
1 parent 6fe6e38 commit 2cdb967
Showing 3 changed files with 27 additions and 13 deletions.
19 changes: 13 additions & 6 deletions examples/client/vendor/satellizer.js
@@ -29,10 +29,9 @@
scope: ['profile', 'email'],
scopePrefix: 'openid',
scopeDelimiter: ' ',
requiredUrlParams: ['scope', 'state'],
requiredUrlParams: ['scope'],
optionalUrlParams: ['display'],
display: 'popup',
state: 'YOYO',
type: '2.0',
popupOptions: { width: 452, height: 633 }
},
@@ -359,10 +358,11 @@
.factory('satellizer.Oauth2', [
'$q',
'$http',
'$window',
'satellizer.popup',
'satellizer.utils',
'satellizer.config',
function($q, $http, popup, utils) {
function($q, $http, $window, popup, utils, config) {
return function() {

var defaults = {
@@ -387,12 +387,16 @@
oauth2.open = function(options, userData) {
angular.extend(defaults, options);

if (defaults.state) {
$window.localStorage.state = defaults.state();
}

var url = defaults.authorizationEndpoint + '?' + oauth2.buildQueryString();

return popup.open(url, defaults.popupOptions)
.then(function(oauthData) {
if (oauthData.state && oauthData.state !== defaults.state) {
throw new Error('Invalid state parameter');
if (oauthData.state && oauthData.state !== $window.localStorage.state) {
return $q.reject({ data: 'Invalid state parameter' });
}
if (defaults.responseType === 'token') {
return oauthData;
@@ -411,7 +415,6 @@
});

angular.forEach(defaults.responseParams, function(param) {
console.log(param);
data[param] = oauthData[param];
});

@@ -427,6 +430,10 @@
var camelizedName = utils.camelCase(paramName);
var paramValue = defaults[camelizedName];

if (paramName === 'state') {
paramValue = $window.localStorage.state;
}

if (paramName === 'scope' && Array.isArray(paramValue)) {
paramValue = paramValue.join(defaults.scopeDelimiter);

19 changes: 13 additions & 6 deletions satellizer.js
@@ -29,10 +29,9 @@
scope: ['profile', 'email'],
scopePrefix: 'openid',
scopeDelimiter: ' ',
requiredUrlParams: ['scope', 'state'],
requiredUrlParams: ['scope'],
optionalUrlParams: ['display'],
display: 'popup',
state: 'YOYO',
type: '2.0',
popupOptions: { width: 452, height: 633 }
},
@@ -359,10 +358,11 @@
.factory('satellizer.Oauth2', [
'$q',
'$http',
'$window',
'satellizer.popup',
'satellizer.utils',
'satellizer.config',
function($q, $http, popup, utils) {
function($q, $http, $window, popup, utils, config) {
return function() {

var defaults = {
@@ -387,12 +387,16 @@
oauth2.open = function(options, userData) {
angular.extend(defaults, options);

if (defaults.state) {
$window.localStorage.state = defaults.state();
}

var url = defaults.authorizationEndpoint + '?' + oauth2.buildQueryString();

return popup.open(url, defaults.popupOptions)
.then(function(oauthData) {
if (oauthData.state && oauthData.state !== defaults.state) {
throw new Error('Invalid state parameter');
if (oauthData.state && oauthData.state !== $window.localStorage.state) {
return $q.reject({ data: 'Invalid state parameter' });
}
if (defaults.responseType === 'token') {
return oauthData;
@@ -411,7 +415,6 @@
});

angular.forEach(defaults.responseParams, function(param) {
console.log(param);
data[param] = oauthData[param];
});

@@ -427,6 +430,10 @@
var camelizedName = utils.camelCase(paramName);
var paramValue = defaults[camelizedName];

if (paramName === 'state') {
paramValue = $window.localStorage.state;
}

if (paramName === 'scope' && Array.isArray(paramValue)) {
paramValue = paramValue.join(defaults.scopeDelimiter);

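Review bot: The state check in the `.then` callback of `oauth2.open` fails open: `oauthData.state && …` skips the comparison whenever the redirect carries no `state` at all, so a response that simply omits the parameter is accepted even though a value was stored and sent. For a provider configured with a state the comparison should not depend on the response, e.g. `if (defaults.state && oauthData.state !== $window.localStorage.state) {`, and the stored value is best removed once it has been compared so that it stays single-use. Separately, `defaults.state()` throws a TypeError if a provider config supplies `state` as a string (like the `state: 'YOYO'` default shown in the first hunk), and when `defaults.state` is unset the parameter-building code in the last hunk (presumably `buildQueryString`) still reads whatever an earlier login left in `localStorage.state`. The same lines appear in the vendored copy under examples/client/vendor/, and the body of `oauth2.open` continues outside the hunk.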