feat: additional options for SSO plugins

+checkState property, pass Boolean false to skip nonce checking +callbackMethod, default 'get', you can pass in 'post', etc.
6 years ago · 2b9322e1c2
parent ed5d2d6d15
commit 2b9322e1c2
1 changed files with 6 additions and 2 deletions
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -74,8 +74,12 @@ Auth.reloadRoutes = function (router, callback) {
 					});
 				}

-				router.get(strategy.callbackURL, function (req, res, next) {
-					// Ensure the passed-back state value is identical to the saved ssoState
+				router[strategy.callbackMethod || 'get'](strategy.callbackURL, function (req, res, next) {
+					// Ensure the passed-back state value is identical to the saved ssoState (unless explicitly skipped)
+					if (strategy.checkState === false) {
+						return next();
+					}
+
 					next(req.query.state !== req.session.ssoState ? new Error('[[error:csrf-invalid]]') : null);
 				}, function (req, res, next) {
 					// Trigger registration interstitial checks