From 33450eb32b2fba6b277667ef497ebebeebe07153 Mon Sep 17 00:00:00 2001
From: Ruben Weijers
Date: Fri, 9 Oct 2015 09:58:58 +0200
Subject: [PATCH] apply patch suggested in https://github.com/ddellacosta/friend-oauth2/issues/36 to prevent infinite redirects

---
 CHANGELOG.md                   | 4 ++++
 project.clj                    | 2 +-
 src/friend_oauth2/util.clj     | 3 +--
 src/friend_oauth2/workflow.clj | 4 ++--
 4 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 06b01bc..afeea8d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Changelog 0.1.3 -> 0.1.4
+
+* apply patch suggested in https://github.com/ddellacosta/friend-oauth2/issues/36 to prevent infinite redirects
+
 ## Changelog 0.1.0 -> 0.1.1
 
 * (this time for reals) adds credential-fn for injecting your own functionality in the post-3rd-party-authentication stage. Thanks go to Kevin Lynagh (https://github.com/lynaghk) for this feature.
diff --git a/project.clj b/project.clj
index 35448fa..e53b53d 100644
--- a/project.clj
+++ b/project.clj
@@ -1,4 +1,4 @@
-(defproject friend-oauth2 "0.1.3"
+(defproject vita-io/friend-oauth2 "0.1.4"
   :description "OAuth2 workflow for Friend (https://github.com/cemerick/friend). (Bug reports/contributions welcome!)"
   :url "https://github.com/ddellacosta/friend-oauth2"
   :license {:name "MIT License"
diff --git a/src/friend_oauth2/util.clj b/src/friend_oauth2/util.clj
index 678b955..1bfdeff 100644
--- a/src/friend_oauth2/util.clj
+++ b/src/friend_oauth2/util.clj
@@ -37,8 +37,7 @@
 (defn extract-anti-forgery-token
   "Extracts the anti-csrf state key from the response"
   [{session :session}]
-  (if-let [pairs (first (filter #(= (second %1) "state") session))]
-    (-> pairs first name)))
+  (:state session))
 
 (defn generate-anti-forgery-token
   "Generates random string for anti-forgery-token."
diff --git a/src/friend_oauth2/workflow.clj b/src/friend_oauth2/workflow.clj
index 6afde90..be7ac2d 100644
--- a/src/friend_oauth2/workflow.clj
+++ b/src/friend_oauth2/workflow.clj
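Review bot: The docstring of `extract-anti-forgery-token` still says the token comes "from the response", but the function destructures `:session` out of a request map and, after this change, reads the `:state` key from it; `"Extracts the anti-csrf state token from the request's session, or nil if none was stored."` would describe the new body. Because the function now returns the stored token value itself rather than the name of a keyword, the caller that compares it with the provider's `state` query parameter should do a plain string comparison and, presumably, treat a nil result as a failed check rather than as a match — that caller is not in this patch, so worth confirming. `generate-anti-forgery-token` begins inside this hunk but its body continues outside it.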
@@ -35,7 +35,7 @@
   "Redirects user to OAuth2 provider. Code should be in response."
   [{:keys [uri-config]} request]
   (let [anti-forgery-token (util/generate-anti-forgery-token)
-        session-with-af-token (assoc (:session request) (keyword anti-forgery-token) "state")]
+        session-with-af-token (assoc (:session request) :state anti-forgery-token)]
     (-> uri-config
         (util/format-authn-uri anti-forgery-token)
         ring.util.response/redirect
@@ -59,7 +59,7 @@
             (vary-meta auth-map merge {::friend/workflow :oauth2
                                        ::friend/redirect-on-auth? true
                                        :type ::friend/auth})))
-
+
     (let [auth-error-fn (:auth-error-fn config)]
       (if (and error auth-error-fn)
         (auth-error-fn error)
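Review bot: The new `session-with-af-token` binding stores the anti-forgery token under the bare `:state` key, so any other middleware or handler that keeps its own `:state` entry in the Ring session will silently overwrite this token or be overwritten by it; a namespaced key, e.g. `(assoc (:session request) ::state anti-forgery-token)`, read back with the same key in `util/extract-anti-forgery-token`, avoids the collision. I also cannot see from this hunk whether the callback removes the key once it has been compared with the provider's `state` parameter; if it does not, the same token stays valid for the whole session, and dissoc'ing it after the comparison keeps it single-use. The enclosing `defn` starts above the hunk, and the second hunk in this file is a whitespace-only change.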