Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #3 from quake/master

update to omniauth-oauth2 1.1.0 for csrf protection and add with_offical_account params
  • Loading branch information...
commit 4d6d0bebd737aa57e065a660b265bea829ee65d4 2 parents 6472b90 + a4e70f4
@beenhero authored
Showing with 18 additions and 7 deletions.
  1. +18 −7 lib/omniauth/strategies/weibo.rb
View
25 lib/omniauth/strategies/weibo.rb
@@ -42,14 +42,25 @@ def raw_info
@uid ||= access_token.get('/2/account/get_uid.json').parsed["uid"]
@raw_info ||= access_token.get("/2/users/show.json", :params => {:uid => @uid}).parsed
end
-
- alias :old_request_phase :request_phase
- def request_phase
- display = session['omniauth.params']['display']
- if display
- options[:authorize_params].merge!(:display => display)
+
+ ##
+ # You can pass +display+, +with_offical_account+ or +state+ params to the auth request, if
+ # you need to set them dynamically. You can also set these options
+ # in the OmniAuth config :authorize_params option.
+ #
+ # /auth/weibo?display=mobile&with_offical_account=1
+ #
+ def authorize_params
+ super.tap do |params|
+ %w[display with_offical_account state].each do |v|
+ if request.params[v]
+ params[v.to_sym] = request.params[v]
+
+ # to support omniauth-oauth2's auto csrf protection
+ session['omniauth.state'] = params[:state] if v == 'state'
+ end
+ end
end
- old_request_phase
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.