Acknowledge nonce during auth

Richtermeister · Oct 1, 2017 · cca9d67 · cca9d67
1 parent 985d918
commit cca9d67
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/Controller/OAuthController.php b/src/Controller/OAuthController.php
@@ -84,11 +84,13 @@ public function auth(Request $request)
 
         $verifyUrl = $this->router->generate('codecloud_shopify_verify', [], UrlGeneratorInterface::ABSOLUTE_URL);
         $verifyUrl = str_replace("http://", "https://", $verifyUrl);
+        $nonce = uniqid();
 
         $params = [
             'client_id'    => $this->config['api_key'],
             'scope'        => $this->config['scope'],
             'redirect_uri' => $verifyUrl,
+            'state'        => $nonce,
         ];
 
         $shopifyEndpoint = 'https://%s/admin/oauth/authorize?%s';
@@ -107,6 +109,7 @@ public function verify(Request $request)
     {
         $authCode = $request->get('code');
         $storeName = $request->get('shop');
+        $nonce = $request->get('state');
 
         if (!$authCode || !$storeName) {
             throw new BadRequestHttpException('Request is missing required parameters: "code", "shop".');