Merge pull request #105 from cyk/expose-auth-state
Expose generated state to allow for CSRF validation.1.0
commit
2747bf0f70
|
@ -16,6 +16,8 @@ abstract class AbstractProvider
|
||||||
|
|
||||||
public $redirectUri = '';
|
public $redirectUri = '';
|
||||||
|
|
||||||
|
public $state;
|
||||||
|
|
||||||
public $name;
|
public $name;
|
||||||
|
|
||||||
public $uidKey = 'uid';
|
public $uidKey = 'uid';
|
||||||
|
@ -83,12 +85,12 @@ abstract class AbstractProvider
|
||||||
|
|
||||||
public function getAuthorizationUrl($options = array())
|
public function getAuthorizationUrl($options = array())
|
||||||
{
|
{
|
||||||
$state = md5(uniqid(rand(), true));
|
$this->state = md5(uniqid(rand(), true));
|
||||||
|
|
||||||
$params = array(
|
$params = array(
|
||||||
'client_id' => $this->clientId,
|
'client_id' => $this->clientId,
|
||||||
'redirect_uri' => $this->redirectUri,
|
'redirect_uri' => $this->redirectUri,
|
||||||
'state' => $state,
|
'state' => $this->state,
|
||||||
'scope' => is_array($this->scopes) ? implode($this->scopeSeparator, $this->scopes) : $this->scopes,
|
'scope' => is_array($this->scopes) ? implode($this->scopeSeparator, $this->scopes) : $this->scopes,
|
||||||
'response_type' => isset($options['response_type']) ? $options['response_type'] : 'code',
|
'response_type' => isset($options['response_type']) ? $options['response_type'] : 'code',
|
||||||
'approval_prompt' => 'auto'
|
'approval_prompt' => 'auto'
|
||||||
|
|
|
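Review bot: The value assigned at `$this->state = md5(uniqid(rand(), true));` is now the anti-CSRF token that callers are meant to verify, but `rand()` and `uniqid()` are derived from the clock and a non-cryptographic PRNG, and md5 only reformats that output, so the token is more guessable than this role allows. Draw it from a CSPRNG instead, for example `$this->state = bin2hex(openssl_random_pseudo_bytes(16));`, or `bin2hex(random_bytes(16))` where PHP 7 is available. The new `public $state;` property also needs a docblock stating that it is overwritten on every getAuthorizationUrl() call. The docblock should tell the caller to store the value in the session before redirecting and compare it with the `state` parameter returned on the callback, since nothing in the visible lines performs that check. The body of getAuthorizationUrl() continues past the end of this hunk.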
@ -29,6 +29,7 @@ class EventbriteTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
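Review bot: `$this->assertNotNull($this->provider->state);` would still pass if the property held a value different from the one placed in the authorization URL, so it does not pin the behaviour this commit exposes. Assuming `$query` is the parsed query string of that URL, assert that the two agree: `$this->assertArrayHasKey('state', $query);` followed by `$this->assertEquals($query['state'], $this->provider->state);`. The same added line appears in the FacebookTest, GithubTest, GoogleTest, InstagramTest, LinkedInTest, MicrosoftTest and VkontakteTest hunks, and the same change applies there. The test method begins above this hunk.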
@ -29,6 +29,7 @@ class FacebookTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class GithubTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class GoogleTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class InstagramTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class LinkedInTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class MicrosoftTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|
|
@ -29,6 +29,7 @@ class VkontakteTest extends \PHPUnit_Framework_TestCase
|
||||||
$this->assertArrayHasKey('scope', $query);
|
$this->assertArrayHasKey('scope', $query);
|
||||||
$this->assertArrayHasKey('response_type', $query);
|
$this->assertArrayHasKey('response_type', $query);
|
||||||
$this->assertArrayHasKey('approval_prompt', $query);
|
$this->assertArrayHasKey('approval_prompt', $query);
|
||||||
|
$this->assertNotNull($this->provider->state);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function testUrlAccessToken()
|
public function testUrlAccessToken()
|
||||||
|
|