summaryrefslogtreecommitdiffstats
path: root/extensions/GitHubAuth/lib
diff options
context:
space:
mode:
authorDylan William Hardison <dylan@mozilla.com>2015-08-25 05:56:53 +0200
committerByron Jones <glob@mozilla.com>2015-08-25 05:56:53 +0200
commit85adb94a090b4bc87eab72193e7066e476da253e (patch)
tree85494588707f06fcecf9f22002cd753885a79ee2 /extensions/GitHubAuth/lib
parent77fbf1e1cd0bf2dec70577caa750d191fd717795 (diff)
downloadbugzilla-85adb94a090b4bc87eab72193e7066e476da253e.tar.gz
bugzilla-85adb94a090b4bc87eab72193e7066e476da253e.tar.xz
Bug 1180733 - "An invalid state parameter was passed to the GitHub OAuth2 callback" error when logging in with github
Diffstat (limited to 'extensions/GitHubAuth/lib')
-rw-r--r--extensions/GitHubAuth/lib/Client.pm4
-rw-r--r--extensions/GitHubAuth/lib/Login.pm4
2 files changed, 5 insertions, 3 deletions
diff --git a/extensions/GitHubAuth/lib/Client.pm b/extensions/GitHubAuth/lib/Client.pm
index bcd5e462e..338a5b639 100644
--- a/extensions/GitHubAuth/lib/Client.pm
+++ b/extensions/GitHubAuth/lib/Client.pm
@@ -60,7 +60,7 @@ sub get_email_key {
my $digest = Digest->new(DIGEST_HASH);
$digest->add($email);
$digest->add(remote_ip());
- $digest->add($cgi->cookie('Bugzilla_github_token') // '');
+ $digest->add($cgi->cookie('Bugzilla_github_token') // Bugzilla->request_cache->{github_token} // '');
$digest->add(Bugzilla->localconfig->{site_wide_secret});
return $digest->hexdigest;
}
@@ -85,7 +85,7 @@ sub get_state {
my $digest = Digest->new(DIGEST_HASH);
$digest->add($sorted_target->as_string);
$digest->add(remote_ip());
- $digest->add($cgi->cookie('Bugzilla_github_token') // '');
+ $digest->add($cgi->cookie('Bugzilla_github_token') // Bugzilla->request_cache->{github_token} // '');
$digest->add(Bugzilla->localconfig->{site_wide_secret});
return $digest->hexdigest;
}
diff --git a/extensions/GitHubAuth/lib/Login.pm b/extensions/GitHubAuth/lib/Login.pm
index cb0c68075..8c91fc08a 100644
--- a/extensions/GitHubAuth/lib/Login.pm
+++ b/extensions/GitHubAuth/lib/Login.pm
@@ -33,10 +33,12 @@ sub get_login_info {
my $cookie = $cgi->cookie('Bugzilla_github_token');
unless ($cookie) {
+ my $token = generate_random_password();
$cgi->send_cookie(-name => 'Bugzilla_github_token',
- -value => generate_random_password(),
+ -value => $token,
Bugzilla->params->{'ssl_redirect'} ? ( -secure => 1 ) : (),
-httponly => 1);
+ Bugzilla->request_cache->{github_token} = $token;
}
return { failure => AUTH_NODATA } unless $github_login;