Merge pull request #1 from fguillot/master

author: Imbasaur <yarrusg@gmail.com> 2016-04-13 17:05:59 +0200
committer: Imbasaur <yarrusg@gmail.com> 2016-04-13 17:05:59 +0200
commit: 99f275e5bb033cca33eee87b0e914645730f13d1 (patch)
tree: ad845419d56304f2bf014744f0878186f7155a3c /app/Core/Http/OAuth2.php
parent: 13d5bd8e48bd6c0109d1272da58a8879bf9a6737 (diff)
parent: cd5bf9d4d214ec9282b706c26bb27cabf150ee63 (diff)
1 files changed, 37 insertions, 8 deletions
diff --git a/app/Core/Http/OAuth2.php b/app/Core/Http/OAuth2.php
index 6fa1fb0a..211ca5b4 100644
--- a/app/Core/Http/OAuth2.php
+++ b/app/Core/Http/OAuth2.php
@@ -12,14 +12,14 @@ use Kanboard\Core\Base;
  */
 class OAuth2 extends Base
 {
-    private $clientId;
-    private $secret;
-    private $callbackUrl;
-    private $authUrl;
-    private $tokenUrl;
-    private $scopes;
-    private $tokenType;
-    private $accessToken;
+    protected $clientId;
+    protected $secret;
+    protected $callbackUrl;
+    protected $authUrl;
+    protected $tokenUrl;
+    protected $scopes;
+    protected $tokenType;
+    protected $accessToken;
 
     /**
      * Create OAuth2 service
@@ -46,6 +46,33 @@ class OAuth2 extends Base
     }
 
     /**
+     * Generate OAuth2 state and return the token value
+     *
+     * @access public
+     * @return string
+     */
+    public function getState()
+    {
+        if (! isset($this->sessionStorage->oauthState) || empty($this->sessionStorage->oauthState)) {
+            $this->sessionStorage->oauthState = $this->token->getToken();
+        }
+
+        return $this->sessionStorage->oauthState;
+    }
+
+    /**
+     * Check the validity of the state (CSRF token)
+     *
+     * @access public
+     * @param  string $state
+     * @return bool
+     */
+    public function isValidateState($state)
+    {
+        return $state === $this->getState();
+    }
+
+    /**
      * Get authorization url
      *
      * @access public
@@ -58,6 +85,7 @@ class OAuth2 extends Base
             'client_id' => $this->clientId,
             'redirect_uri' => $this->callbackUrl,
             'scope' => implode(' ', $this->scopes),
+            'state' => $this->getState(),
         );
 
         return $this->authUrl.'?'.http_build_query($params);
@@ -94,6 +122,7 @@ class OAuth2 extends Base
                 'client_secret' => $this->secret,
                 'redirect_uri' => $this->callbackUrl,
                 'grant_type' => 'authorization_code',
+                'state' => $this->getState(),
             );
 
             $response = json_decode($this->httpClient->postForm($this->tokenUrl, $params, array('Accept: application/json')), true);
author	Imbasaur <yarrusg@gmail.com>	2016-04-13 17:05:59 +0200
committer	Imbasaur <yarrusg@gmail.com>	2016-04-13 17:05:59 +0200
commit	99f275e5bb033cca33eee87b0e914645730f13d1 (patch)
tree	ad845419d56304f2bf014744f0878186f7155a3c /app/Core/Http/OAuth2.php
parent	13d5bd8e48bd6c0109d1272da58a8879bf9a6737 (diff)
parent	cd5bf9d4d214ec9282b706c26bb27cabf150ee63 (diff)