Merge pull request #1512 from stregouet/oauth2-state

fix: add state parameter for oauth2
2020-05-13 16:26:26 +08:00 · 2020-05-13 16:26:26 +08:00 · 54ab0a08de
parent 20bacfbaf1 6ff6d215ab
commit 54ab0a08de
3 changed files with 3 additions and 0 deletions
--- a/lib/auth/oauth2/index.js
+++ b/lib/auth/oauth2/index.js
@ -16,6 +16,7 @@ passport.use(new OAuth2CustomStrategy({
  clientSecret: config.oauth2.clientSecret,
  callbackURL: config.serverURL + '/auth/oauth2/callback',
  userProfileURL: config.oauth2.userProfileURL,
+  state: config.oauth2.state,
  scope: config.oauth2.scope
 }, passportGeneralCallback))

--- a/lib/config/default.js
+++ b/lib/config/default.js
@ -100,6 +100,7 @@ module.exports = {
    userProfileDisplayNameAttr: 'displayName',
    userProfileEmailAttr: 'email',
    userProfilePhotoAttr: 'photo',
+    state: true,
    scope: 'email'
  },
  facebook: {
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@ -94,6 +94,7 @@ module.exports = {
    tokenURL: process.env.CMD_OAUTH2_TOKEN_URL,
    userProfileURL: process.env.CMD_OAUTH2_USER_PROFILE_URL,
    scope: process.env.CMD_OAUTH2_SCOPE,
+    state: process.env.CMD_OAUTH2_STATE,
    userProfileUsernameAttr: process.env.CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR,
    userProfileDisplayNameAttr: process.env.CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR,
    userProfileEmailAttr: process.env.CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR,