Save the expected state in another session key

nexiahome-orig · Feb 22, 2016 · 43decfe · 43decfe
1 parent 7603256
commit 43decfe
Showing 1 changed file with 2 additions and 16 deletions.
diff --git a/lib/omniauth/strategies/nest.rb b/lib/omniauth/strategies/nest.rb
@@ -35,22 +35,8 @@ def authorize_params
       end
 
       def callback_phase # rubocop:disable AbcSize, CyclomaticComplexity, MethodLength, PerceivedComplexity
-        error = request.params["error_reason"] || request.params["error"]
-        if error
-          fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
-        elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session["omniauth.state"])
-          fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
-        else
-          self.access_token = build_access_token
-          self.access_token = access_token.refresh! if access_token.expired?
-          super
-        end
-      rescue ::OAuth2::Error, CallbackError => e
-        fail!(:invalid_credentials, e)
-      rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
-        fail!(:timeout, e)
-      rescue ::SocketError => e
-        fail!(:failed_to_connect, e)
+        session["omniauth.expected_state"] = session["omniauth.state"]
+        super
       end
     end
   end