apply patch suggested in clojusc#36 to prevent infinite redirects
Ruben Weijers committed Oct 9, 2015
1 parent c78eafa commit 33450eb
Showing 4 changed files with 8 additions and 5 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
## Changelog 0.1.3 -> 0.1.4

* apply patch suggested in https://github.com/ddellacosta/friend-oauth2/issues/36 to prevent infinite redirects

## Changelog 0.1.0 -> 0.1.1

* (this time for reals) adds credential-fn for injecting your own functionality in the post-3rd-party-authentication stage. Thanks go to Kevin Lynagh (https://github.com/lynaghk) for this feature.
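Review bot: The new 0.1.3 -> 0.1.4 entry names only the symptom and does not say that the session layout changed. With this commit the anti-forgery token is stored under a single `:state` key rather than as a keyword key whose value is "state", so a session written by 0.1.3 has no `:state` entry for the new `extract-anti-forgery-token` to read. State that in the entry. The entry also sits directly above 0.1.0 -> 0.1.1, with nothing recorded for the versions in between.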
2 changes: 1 addition & 1 deletion project.clj
@@ -1,4 +1,4 @@
(defproject friend-oauth2 "0.1.3"
(defproject vita-io/friend-oauth2 "0.1.4"
:description "OAuth2 workflow for Friend (https://github.com/cemerick/friend). (Bug reports/contributions welcome!)"
:url "https://github.com/ddellacosta/friend-oauth2"
:license {:name "MIT License"
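Review bot: The `defproject` line renames the artifact to `vita-io/friend-oauth2`, but `:url` and the "Bug reports/contributions welcome!" description still point at `ddellacosta/friend-oauth2`. Anyone resolving this coordinate is sent to a repository that did not publish it. Point `:url` at the fork that builds the `vita-io` artifact, or say in `:description` that this is a fork carrying the patch from issue 36, so consumers can tell which source the jar was built from.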
3 changes: 1 addition & 2 deletions src/friend_oauth2/util.clj
Expand Up @@ -37,8 +37,7 @@
(defn extract-anti-forgery-token
"Extracts the anti-csrf state key from the response"
[{session :session}]
(if-let [pairs (first (filter #(= (second %1) "state") session))]
(-> pairs first name)))
(:state session))

(defn generate-anti-forgery-token
"Generates random string for anti-forgery-token."
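Review bot: `(:state session)` in `extract-anti-forgery-token` returns nil when the session has no `:state` entry, and the docstring above it still says it extracts the state "key" "from the response". The comparison against the `state` query parameter is not part of this diff; confirm that it treats nil on either side as a failed check, since a plain `=` of two missing values succeeds. Update the docstring to say the function returns the token value stored in the request's session.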
4 changes: 2 additions & 2 deletions src/friend_oauth2/workflow.clj
Expand Up @@ -35,7 +35,7 @@
"Redirects user to OAuth2 provider. Code should be in response."
[{:keys [uri-config]} request]
(let [anti-forgery-token (util/generate-anti-forgery-token)
session-with-af-token (assoc (:session request) (keyword anti-forgery-token) "state")]
session-with-af-token (assoc (:session request) :state anti-forgery-token)]
(-> uri-config
(util/format-authn-uri anti-forgery-token)
ring.util.response/redirect
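Review bot: `(assoc (:session request) :state anti-forgery-token)` writes to an unqualified `:state` key in the Ring session map that the host application also uses, and each redirect overwrites the previous token. An application value stored under the same key would be replaced, and a second login started in another tab invalidates the first one still in flight. Use a namespaced key (for example `:friend-oauth2/state`, read by `extract-anti-forgery-token` as well) and document the one-token-per-session behaviour.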
Expand All @@ -59,7 +59,7 @@
(vary-meta auth-map merge {::friend/workflow :oauth2
::friend/redirect-on-auth? true
:type ::friend/auth})))

(let [auth-error-fn (:auth-error-fn config)]
(if (and error auth-error-fn)
(auth-error-fn error)
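Review bot: The only difference in this hunk appears to be whitespace on the blank line before `(let [auth-error-fn (:auth-error-fn config)]`, which is unrelated to the redirect fix. Drop it from this commit, or move whitespace cleanup to its own commit, so the change to the anti-forgery token handling stays easy to audit.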