hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: additional options for SSO plugins

Browse Source 
+checkState property, pass Boolean false to skip nonce checking
+callbackMethod, default 'get', you can pass in 'post', etc.
v1.18.x
Julian Lam 6 years ago
parent ed5d2d6d15
commit 2b9322e1c2
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File

8
src/routes/authentication.js
Unescape Escape View File

@ -74,8 +74,12 @@ Auth.reloadRoutes = function (router, callback) {
}); });
} }
router.get(strategy.callbackURL, function (req, res, next) { router[strategy.callbackMethod || 'get'](strategy.callbackURL, function (req, res, next) {
// Ensure the passed-back state value is identical to the saved ssoState // Ensure the passed-back state value is identical to the saved ssoState (unless explicitly skipped)
if (strategy.checkState === false) {
return next();
}
next(req.query.state !== req.session.ssoState ? new Error('[[error:csrf-invalid]]') : null); next(req.query.state !== req.session.ssoState ? new Error('[[error:csrf-invalid]]') : null);
}, function (req, res, next) { }, function (req, res, next) {
// Trigger registration interstitial checks // Trigger registration interstitial checks

Write Preview
Loading…
Cancel
Save