Bug 1180733 - "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github

Author: Dylan William Hardison

extensions/GitHubAuth/lib/Client.pm

@@ -60,7 +60,7 @@ sub get_email_key {
     my $digest = Digest->new(DIGEST_HASH);
     $digest->add($email);
     $digest->add(remote_ip());
-    $digest->add($cgi->cookie('Bugzilla_github_token') // '');
+    $digest->add($cgi->cookie('Bugzilla_github_token') // Bugzilla->request_cache->{github_token} // '');
     $digest->add(Bugzilla->localconfig->{site_wide_secret});
     return $digest->hexdigest;
 }
@@ -85,7 +85,7 @@ sub get_state {
     my $digest = Digest->new(DIGEST_HASH);
     $digest->add($sorted_target->as_string);
     $digest->add(remote_ip());
-    $digest->add($cgi->cookie('Bugzilla_github_token') // '');
+    $digest->add($cgi->cookie('Bugzilla_github_token') // Bugzilla->request_cache->{github_token} // '');
     $digest->add(Bugzilla->localconfig->{site_wide_secret});
     return $digest->hexdigest;
 }

extensions/GitHubAuth/lib/Login.pm

@@ -33,10 +33,12 @@ sub get_login_info {
 
     my $cookie = $cgi->cookie('Bugzilla_github_token');
     unless ($cookie) {
+        my $token = generate_random_password();
         $cgi->send_cookie(-name     => 'Bugzilla_github_token',
-                          -value    => generate_random_password(),
+                          -value    => $token,
                           Bugzilla->params->{'ssl_redirect'} ? ( -secure => 1 ) : (),
                           -httponly => 1);
+        Bugzilla->request_cache->{github_token} = $token;
     }
 
     return { failure => AUTH_NODATA } unless $github_login;