From 7fc4490bb874668155ecfdb92a752df62211ccb5 Mon Sep 17 00:00:00 2001
From: ifedapoolarewaju
Date: Thu, 27 Feb 2020 17:28:30 +0100
Subject: [PATCH 1/2] companion: read state from session in oauth-redirect controller
---
 .../companion/src/server/controllers/oauth-redirect.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/packages/@uppy/companion/src/server/controllers/oauth-redirect.js b/packages/@uppy/companion/src/server/controllers/oauth-redirect.js
index 7c7b57baa0..b73c1cd9bf 100644
--- a/packages/@uppy/companion/src/server/controllers/oauth-redirect.js
+++ b/packages/@uppy/companion/src/server/controllers/oauth-redirect.js
@@ -9,10 +9,12 @@ const oAuthState = require('../helpers/oauth-state')
 * @param {object} res
 */
 module.exports = function oauthRedirect (req, res) {
- if (!req.query.state) {
- return res.status(400).send('Cannot find state param in reques')
+ const dynamic = (req.session.grant || {}).dynamic || {}
+ const state = dynamic.state
+ if (!state) {
+ return res.status(400).send('Cannot find state in session')
 }
- const handler = oAuthState.getFromState(req.query.state, 'companionInstance', req.companion.options.secret)
+ const handler = oAuthState.getFromState(state, 'companionInstance', req.companion.options.secret)
 const handlerHostName = parseUrl(handler).host
 if (hasMatch(handlerHostName, req.companion.options.server.validHosts)) {
From b59d5b4fb645b5384d3bf340b0b73a096947e800 Mon Sep 17 00:00:00 2001
From: ifedapoolarewaju
Date: Thu, 27 Feb 2020 18:45:12 +0100
Subject: [PATCH 2/2] companion: use state in session in tests
---
 packages/@uppy/companion/test/mockserver.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/@uppy/companion/test/mockserver.js b/packages/@uppy/companion/test/mockserver.js
index e908381a39..9ca19c437f 100644
--- a/packages/@uppy/companion/test/mockserver.js
+++ b/packages/@uppy/companion/test/mockserver.js
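Review bot: In `oauthRedirect` (oauth-redirect.js) the session value is only checked for truthiness, so whatever `oAuthState.getFromState` returns for a state that lacks `companionInstance` or does not decode still flows straight into `parseUrl(handler).host`. A guard before that line, such as `if (typeof handler !== 'string') return res.status(400).send('Invalid state in session')`, would turn a bad session value into a clean 400 instead of an error raised inside the controller. `req.session` is also dereferenced without a check, which presumably relies on the session middleware always being mounted ahead of this route. A one-line comment above the lookup, e.g. `// state comes from the Grant session (req.session.grant.dynamic), not from req.query.state`, would record why the query parameter is no longer read. The function body continues past the end of the hunk, so what happens after the `validHosts` check is not visible here.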
@@ -2,7 +2,7 @@ const { app } = require('../src/standalone')
 const express = require('express')
 const session = require('express-session')
-var authServer = express()
+const authServer = express()
 authServer.use(session({ secret: 'grant', resave: true, saveUninitialized: true }))
 authServer.all('*/callback', (req, res, next) => {
@@ -11,7 +11,7 @@ authServer.all('*/callback', (req, res, next) => {
 }
 next()
 })
-authServer.all('*/send-token', (req, res, next) => {
+authServer.all(['*/send-token', '*/redirect'], (req, res, next) => {
 req.session.grant = { dynamic: { state: req.query.state || 'non-empty-value' } }
 next()
 })
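Review bot: With `'*/redirect'` added to this handler in the second hunk, every redirect request that passes through the mock gets a session state, because the `|| 'non-empty-value'` fallback on the next line always supplies one. As far as this file shows, the `Cannot find state in session` 400 branch introduced in patch 1/2 can therefore not be reached through the mock. A test that calls the redirect route without `req.session.grant` would pin that rejection path. A comment on the handler, e.g. `// always seeds session state; the missing-state 400 path needs a request that bypasses this handler`, would make the limitation visible to whoever adds that test.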