fix calback_uri when using code from signed request in cookie
Mark Dodwell
12 years ago
0 | 0 | require 'omniauth/strategies/oauth2' |
1 | require 'base64' | |
2 | require 'openssl' | |
1 | 3 | |
2 | 4 | module OmniAuth |
3 | 5 | module Strategies |
65 | 67 | end |
66 | 68 | |
67 | 69 | def build_access_token |
68 | with_code(request.params['code'] || signed_request && signed_request['code']) do | |
69 | super.tap do |token| | |
70 | token.options.merge!(access_token_options) | |
71 | end | |
70 | with_authorization_code { super }.tap do |token| | |
71 | token.options.merge!(access_token_options) | |
72 | 72 | end |
73 | end | |
74 | ||
75 | # NOTE if we're using code from the signed request cookie | |
76 | # then FB sets the redirect_uri to '' during the authorize | |
77 | # phase + it must match during the access_token phase: | |
78 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
79 | def callback_url | |
80 | @authorization_code_from_cookie ? '' : super | |
73 | 81 | end |
74 | 82 | |
75 | 83 | def access_token_options |
92 | 100 | |
93 | 101 | private |
94 | 102 | |
95 | def with_code(code) | |
96 | original_code = request.params['code'] | |
97 | begin | |
98 | request.params['code'] = code | |
103 | # picks the authorization code in order, from: | |
104 | # 1. the request param | |
105 | # 2. a signed cookie | |
106 | def with_authorization_code | |
107 | if request.params.key?('code') | |
99 | 108 | yield |
100 | ensure | |
101 | request.params['code'] = original_code | |
109 | else code_from_cookie = signed_request && signed_request['code'] | |
110 | request.params['code'] = code_from_cookie | |
111 | @authorization_code_from_cookie = true | |
112 | begin | |
113 | yield | |
114 | ensure | |
115 | request.params.delete('code') | |
116 | @authorization_code_from_cookie = false | |
117 | end | |
102 | 118 | end |
103 | 119 | end |
104 | 120 |
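Review bot: In `with_authorization_code` the second branch is written `else code_from_cookie = signed_request && signed_request['code']`, which is a plain `else` followed by an assignment, so it also runs when the signed request is absent or carries no code. In that case `request.params['code']` is set to nil and `@authorization_code_from_cookie` is set to true, so `callback_url` returns `''` for a token exchange that never used a cookie code. If the intent is the ordered fallback the comment describes, write `elsif code_from_cookie = signed_request && signed_request['code']` and add a final `else` branch containing a bare `yield`. The parsing of `signed_request` lies outside these hunks; because the code comes from a client-supplied cookie, confirm that its signature is verified before the value reaches this method.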