Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-04 06:40:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #6553

Browse Source
This commit is contained in:
Julian Lam
2018-06-05 16:01:32 -04:00
parent f3c8074668
commit ec91ef1c64
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/routes/authentication.js
View File

@@ -60,13 +60,20 @@ Auth.reloadRoutes = function (callback) {
function (loginStrategies, next) {
loginStrategies.forEach(function (strategy) {
if (strategy.url) {
router.get(strategy.url, passport.authenticate(strategy.name, {
scope: strategy.scope,
prompt: strategy.prompt || undefined,
}));
router.get(strategy.url, Auth.middleware.applyCSRF, function (req, res, next) {
req.session.ssoState = req.csrfToken();
passport.authenticate(strategy.name, {
scope: strategy.scope,
prompt: strategy.prompt || undefined,
state: req.session.ssoState,
})(req, res, next);
});
}
router.get(strategy.callbackURL, function (req, res, next) {
// Ensure the passed-back state value is identical to the saved ssoState
next(req.query.state !== req.session.ssoState ? new Error('[[error:csrf-invalid]]') : null);
}, function (req, res, next) {
// Trigger registration interstitial checks
req.session.registration = req.session.registration || {};
next();