passport-oauth2
Advanced tools
passport-oauth2 - npm Package Compare versions
Comparing version 1.0.0 to 1.1.0
@@ -6,2 +6,3 @@ /** | ||
| , url = require('url') | ||
| , uid = require('uid2') | ||
| , util = require('util') | ||
@@ -99,2 +100,4 @@ , utils = require('./utils') | ||
| this._scopeSeparator = options.scopeSeparator || ' '; | ||
| this._state = options.state; | ||
| this._key = options.sessionKey || ('oauth2:' + url.parse(options.authorizationURL).hostname); | ||
| this._trustProxy = options.proxy; | ||
@@ -142,2 +145,24 @@ this._passReqToCallback = options.passReqToCallback; | ||
| if (this._state) { | ||
| if (!req.session) { return this.error(new Error('OAuth2Strategy requires session support when using state. Did you forget app.use(express.session(...))?')); } | ||
| var key = this._key; | ||
| if (!req.session[key]) { | ||
| return this.fail({ message: 'Unable to verify authorization request state.' }, 403); | ||
| } | ||
| var state = req.session[key].state; | ||
| if (!state) { | ||
| return this.fail({ message: 'Unable to verify authorization request state.' }, 403); | ||
| } | ||
| delete req.session[key].state; | ||
| if (Object.keys(req.session[key]).length === 0) { | ||
| delete req.session[key]; | ||
| } | ||
| if (state !== req.query.state) { | ||
| return this.fail({ message: 'Invalid authorization request state.' }, 403); | ||
| } | ||
| } | ||
| // NOTE: The module oauth (0.9.5), which is a dependency, automatically adds | ||
@@ -196,3 +221,13 @@ // a 'type=web_server' parameter to the percent-encoded data sent in | ||
| var state = options.state; | ||
| if (state) { params.state = state; } | ||
| if (state) { | ||
| params.state = state; | ||
| } else if (this._state) { | ||
| if (!req.session) { return this.error(new Error('OAuth2Strategy requires session support when using state. Did you forget app.use(express.session(...))?')); } | ||
| var key = this._key; | ||
| state = uid(24); | ||
| if (!req.session[key]) { req.session[key] = {}; } | ||
| req.session[key].state = state; | ||
| params.state = state; | ||
| } | ||
@@ -199,0 +234,0 @@ var location = this._oauth2.getAuthorizeUrl(params); |
| { | ||
| "name": "passport-oauth2", | ||
| "version": "1.0.0", | ||
| "version": "1.1.0", | ||
| "description": "OAuth 2.0 authentication strategy for Passport.", | ||
@@ -36,3 +36,4 @@ "keywords": [ | ||
| "passport-strategy": "1.x.x", | ||
| "oauth": "0.9.x" | ||
| "oauth": "0.9.x", | ||
| "uid2": "0.0.x" | ||
| }, | ||
@@ -39,0 +40,0 @@ "devDependencies": { |
@@ -26,2 +26,6 @@ # passport-oauth2 | ||
| ## Install | ||
| $ npm install passport-oauth2 | ||
| ## Usage | ||
@@ -28,0 +32,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by6.45%
23292
- Lines of code
- increased by6.67%
480
- Number of lines in readme file
- increased by4.55%
92
Worsened metrics
- Dependency count
- increased by50%
3
Dependency changes
+ Addeduid2@0.0.x
+ Addeduid2@0.0.4(transitive)