From: Roger Braun <roger@rogerbraun.net>
Date: Thu, 14 Sep 2017 07:29:51 +0000 (+0200)
Subject: Preserve state in oauth
X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=ac3f32da7e1bb12b18394cc8dd358be8423e6204;p=akkoma

Preserve state in oauth
---

diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 4672ce00e..d76a13d31 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -10,7 +10,8 @@ defmodule Pleroma.Web.OAuth.OAuthController do
       response_type: params["response_type"],
       client_id: params["client_id"],
       scope: params["scope"],
-      redirect_uri: params["redirect_uri"]
+      redirect_uri: params["redirect_uri"],
+      state: params["state"]
     }
   end
 
@@ -25,6 +26,11 @@ defmodule Pleroma.Web.OAuth.OAuthController do
         }
       else
         url = "#{redirect_uri}?code=#{auth.token}"
+        url = if params["state"] do
+          url <> "&state=#{params["state"]}"
+        else
+          url
+        end
         redirect(conn, external: url)
       end
     end
diff --git a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
index ce295ed05..3c6903a16 100644
--- a/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
+++ b/lib/pleroma/web/templates/o_auth/o_auth/show.html.eex
@@ -10,5 +10,6 @@
 <%= hidden_input f, :response_type, value: @response_type %>
 <%= hidden_input f, :redirect_uri, value: @redirect_uri %>
 <%= hidden_input f, :scope, value: @scope %>
+<%= hidden_input f, :state, value: @state%>
 <%= submit "Authorize" %>
 <% end %>