update to omniauth-oauth2 1.1.0 for csrf protection and add with_offi…

…cal_account params
beenhero · Jul 23, 2012 · a4e70f4 · a4e70f4
1 parent 6472b90
commit a4e70f4
Showing 1 changed file with 18 additions and 7 deletions.
diff --git a/lib/omniauth/strategies/weibo.rb b/lib/omniauth/strategies/weibo.rb
@@ -42,14 +42,25 @@ def raw_info
         @uid ||= access_token.get('/2/account/get_uid.json').parsed["uid"]
         @raw_info ||= access_token.get("/2/users/show.json", :params => {:uid => @uid}).parsed
       end
-
+
-      alias :old_request_phase :request_phase
+      ##
-      def request_phase
+      # You can pass +display+, +with_offical_account+ or +state+ params to the auth request, if
-        display = session['omniauth.params']['display']
+      # you need to set them dynamically. You can also set these options
-        if display
+      # in the OmniAuth config :authorize_params option.
-          options[:authorize_params].merge!(:display => display)
+      #
+      # /auth/weibo?display=mobile&with_offical_account=1
+      #
+      def authorize_params
+        super.tap do |params|
+          %w[display with_offical_account state].each do |v|
+            if request.params[v]
+              params[v.to_sym] = request.params[v]
+
+              # to support omniauth-oauth2's auto csrf protection
+              session['omniauth.state'] = params[:state] if v == 'state'
+            end
+          end
         end
-        old_request_phase
       end
 
     end