bugfix iframe login

AJ ONeal 2017-02-21 17:37:44 -07:00
parent 6092408a3f
commit ce0bdbd108
2 changed files with 6 additions and 1 deletions


@ -529,7 +529,7 @@
} }
console.warn('[Warn] Please implement OAUTH3.hooks.session.get = function (providerUri) { return PromiseA<savedSession>; }'); console.warn('[Warn] Please implement OAUTH3.hooks.session.get = function (providerUri) { return PromiseA<savedSession>; }');
if (!OAUTH3.hooks.session._sessions) { OAUTH3.hooks.session._sessions = {}; } if (!OAUTH3.hooks.session._sessions) { OAUTH3.hooks.session._sessions = {}; }
return OAUTH3.PromiseA.resolve(OAUTH3.hooks.session._sessions[providerUri]); return OAUTH3.PromiseA.resolve(OAUTH3.hooks.session._sessions[providerUri] || null);
} }
} }
} }
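Review bot: The lookup `OAUTH3.hooks.session._sessions[providerUri]` on the changed line reads from a plain `{}` object, so a `providerUri` equal to an inherited key such as `constructor` resolves to a truthy non-session value and the new `|| null` fallback never applies. If `providerUri` can originate outside the application (not visible in this hunk), create the store with `Object.create(null)` or guard the read with `Object.prototype.hasOwnProperty.call(OAUTH3.hooks.session._sessions, providerUri)`. The enclosing function starts above the hunk.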


@ -27,6 +27,11 @@
if (loginWinObj.debug) { if (loginWinObj.debug) {
console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled."); console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
} }
if (!loginWinObj.state) {
console.error(loginWinObj);
window.alert(prefix + ": missing state parameter");
}
// '--oauth3-callback-' prefix exist for security so that an attacker can't social engineer execution an arbitrary function // '--oauth3-callback-' prefix exist for security so that an attacker can't social engineer execution an arbitrary function
// TODO finalize name of '--oauth3-callback-', this will be a defacto standard // TODO finalize name of '--oauth3-callback-', this will be a defacto standard
// TODO maybe call it 'self-xss-' or 'hack-my-account-' to discourage people from doing dumb things? // TODO maybe call it 'self-xss-' or 'hack-my-account-' to discourage people from doing dumb things?
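Review bot: The new `if (!loginWinObj.state)` block reports the missing state but does not stop, so execution continues into the callback handling below it, which appears to depend on the state value. In an OAuth-style flow the state parameter binds the response to the request that was started, so a response without it should be rejected rather than processed; consider ending the branch with `return;` (or a throw) after the alert, depending on what the enclosing function, which starts and ends outside the hunk, is expected to return. `console.error(loginWinObj)` also writes the whole callback object to the console, which may include token values; `console.error(prefix, 'missing state; keys:', Object.keys(loginWinObj));` would keep the diagnostic without the values.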