Merge pull request #105 from cyk/expose-auth-state
Expose generated state to allow for CSRF validation.1.0
commit
2747bf0f70
|
@ -16,6 +16,8 @@ abstract class AbstractProvider
|
|||
|
||||
public $redirectUri = '';
|
||||
|
||||
public $state;
|
||||
|
||||
public $name;
|
||||
|
||||
public $uidKey = 'uid';
|
||||
|
@ -83,12 +85,12 @@ abstract class AbstractProvider
|
|||
|
||||
public function getAuthorizationUrl($options = array())
|
||||
{
|
||||
$state = md5(uniqid(rand(), true));
|
||||
$this->state = md5(uniqid(rand(), true));
|
||||
|
||||
$params = array(
|
||||
'client_id' => $this->clientId,
|
||||
'redirect_uri' => $this->redirectUri,
|
||||
'state' => $state,
|
||||
'state' => $this->state,
|
||||
'scope' => is_array($this->scopes) ? implode($this->scopeSeparator, $this->scopes) : $this->scopes,
|
||||
'response_type' => isset($options['response_type']) ? $options['response_type'] : 'code',
|
||||
'approval_prompt' => 'auto'
|
||||
|
|
|
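Review bot: In the second hunk, `$this->state = md5(uniqid(rand(), true));` keeps a generator built from the clock and a non-cryptographic PRNG, so the value now exposed for CSRF validation is not reliably unpredictable. Draw it from a CSPRNG instead, for example `$this->state = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where PHP 7+ is available). The new `public $state;` in the first hunk has no docblock; something like `/** @var string|null State sent in the last authorization URL; persist it in the session and compare it with the callback's state parameter. */` would tell callers how to use it. Because the property is overwritten on every call, callers should read it right after the call whose URL they actually redirect to. getAuthorizationUrl's body continues outside the hunk.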
@ -29,6 +29,7 @@ class EventbriteTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
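Review bot: `$this->assertNotNull($this->provider->state);` only proves the property was assigned, not that it is the value placed in the authorization URL, which is what a caller's CSRF check depends on. Assuming `$query` holds the parsed query string of that URL (its construction is outside the hunk), `$this->assertSame($query['state'], $this->provider->state);` would pin that. The same assertion is added in the Facebook, Github, Google, Instagram, LinkedIn, Microsoft and Vkontakte test sections below, and the same change applies there. The test method starts outside the hunk.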
@ -29,6 +29,7 @@ class FacebookTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class GithubTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class GoogleTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class InstagramTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class LinkedInTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class MicrosoftTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|
|
@ -29,6 +29,7 @@ class VkontakteTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertArrayHasKey('scope', $query);
|
||||
$this->assertArrayHasKey('response_type', $query);
|
||||
$this->assertArrayHasKey('approval_prompt', $query);
|
||||
$this->assertNotNull($this->provider->state);
|
||||
}
|
||||
|
||||
public function testUrlAccessToken()
|
||||
|
|