fix calback_uri when using code from signed request in cookie
Mark Dodwell
12 years ago
| 0 | 0 | require 'omniauth/strategies/oauth2' |
| 1 | require 'base64' | |
| 2 | require 'openssl' | |
| 1 | 3 | |
| 2 | 4 | module OmniAuth |
| 3 | 5 | module Strategies |
| 65 | 67 | end |
| 66 | 68 | |
| 67 | 69 | def build_access_token |
| 68 | with_code(request.params['code'] || signed_request && signed_request['code']) do | |
| 69 | super.tap do |token| | |
| 70 | token.options.merge!(access_token_options) | |
| 71 | end | |
| 70 | with_authorization_code { super }.tap do |token| | |
| 71 | token.options.merge!(access_token_options) | |
| 72 | 72 | end |
| 73 | end | |
| 74 | ||
| 75 | # NOTE if we're using code from the signed request cookie | |
| 76 | # then FB sets the redirect_uri to '' during the authorize | |
| 77 | # phase + it must match during the access_token phase: | |
| 78 | # https://github.com/facebook/php-sdk/blob/master/src/base_facebook.php#L348 | |
| 79 | def callback_url | |
| 80 | @authorization_code_from_cookie ? '' : super | |
| 73 | 81 | end |
| 74 | 82 | |
| 75 | 83 | def access_token_options |
| 92 | 100 | |
| 93 | 101 | private |
| 94 | 102 | |
| 95 | def with_code(code) | |
| 96 | original_code = request.params['code'] | |
| 97 | begin | |
| 98 | request.params['code'] = code | |
| 103 | # picks the authorization code in order, from: | |
| 104 | # 1. the request param | |
| 105 | # 2. a signed cookie | |
| 106 | def with_authorization_code | |
| 107 | if request.params.key?('code') | |
| 99 | 108 | yield |
| 100 | ensure | |
| 101 | request.params['code'] = original_code | |
| 109 | else code_from_cookie = signed_request && signed_request['code'] | |
| 110 | request.params['code'] = code_from_cookie | |
| 111 | @authorization_code_from_cookie = true | |
| 112 | begin | |
| 113 | yield | |
| 114 | ensure | |
| 115 | request.params.delete('code') | |
| 116 | @authorization_code_from_cookie = false | |
| 117 | end | |
| 102 | 118 | end |
| 103 | 119 | end |
| 104 | 120 | |