Resolve conflict between auth_token_params patch and HEAD

jash · jash · commit 41bb7e6d942b · 2012-10-01T13:31:37.000-07:00
diff --git a/lib/omniauth-oauth2/version.rb b/lib/omniauth-oauth2/version.rb
@@ -1,5 +1,5 @@
 module OmniAuth
   module OAuth2
-    VERSION = "1.1.0"
+    VERSION = "1.1.1"
   end
 end
diff --git a/lib/omniauth/strategies/oauth2.rb b/lib/omniauth/strategies/oauth2.rb
@@ -25,6 +25,7 @@ class OAuth2
       option :token_params, {}
       option :token_options, []
       option :auth_token_params, {}
+      option :provider_ignores_state, false
 
       attr_accessor :access_token
 
@@ -49,9 +50,7 @@ def request_phase
       end
 
       def authorize_params
-        if options.authorize_params[:state].to_s.empty?
-          options.authorize_params[:state] = SecureRandom.hex(24)
-        end
+        options.authorize_params[:state] = SecureRandom.hex(24)
         params = options.authorize_params.merge(options.authorize_options.inject({}){|h,k| h[k.to_sym] = options[k] if options[k]; h})
         if OmniAuth.config.test_mode
           @env ||= {}
@@ -69,7 +68,7 @@ def callback_phase
         if request.params['error'] || request.params['error_reason']
           raise CallbackError.new(request.params['error'], request.params['error_description'] || request.params['error_reason'], request.params['error_uri'])
         end
-        if request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state')
+        if !options.provider_ignores_state && (request.params['state'].to_s.empty? || request.params['state'] != session.delete('omniauth.state'))
           raise CallbackError.new(nil, :csrf_detected)
         end
 
