From 71b705cb5105f6dfb49aabc55607745b881c5dc3 Mon Sep 17 00:00:00 2001 From: Manfred Steyer Date: Sun, 22 Mar 2020 15:05:15 +0100 Subject: [PATCH] fix(state): passing an url with a querystring as the state, e. g. url?x=1 --- projects/lib/src/oauth-service.ts | 6 +----- projects/sample/src/app/app.component.ts | 3 +-- projects/sample/src/app/home/home.component.ts | 4 ++-- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/projects/lib/src/oauth-service.ts b/projects/lib/src/oauth-service.ts index 2b9c805d..5d3bde0f 100644 --- a/projects/lib/src/oauth-service.ts +++ b/projects/lib/src/oauth-service.ts @@ -1253,7 +1253,7 @@ export class OAuthService extends AuthConfig implements OnDestroy { const nonce = await this.createAndSaveNonce(); if (state) { - state = nonce + this.config.nonceStateSeparator + state; + state = nonce + this.config.nonceStateSeparator + encodeURIComponent(state); } else { state = nonce; } @@ -1461,8 +1461,6 @@ export class OAuthService extends AuthConfig implements OnDestroy { } } - - private parseQueryString(queryString: string): object { if (!queryString || queryString.length === 0) { return {}; @@ -1473,8 +1471,6 @@ export class OAuthService extends AuthConfig implements OnDestroy { } return this.urlHelper.parseQueryString(queryString); - - } public tryLoginCodeFlow(options: LoginOptions = null): Promise { diff --git a/projects/sample/src/app/app.component.ts b/projects/sample/src/app/app.component.ts index fee7cf8a..e7d76151 100644 --- a/projects/sample/src/app/app.component.ts +++ b/projects/sample/src/app/app.component.ts @@ -27,6 +27,7 @@ export class AppComponent { this.oauthService.events .pipe(filter(e => e.type === 'token_received')) .subscribe(_ => { + console.debug('state', this.oauthService.state); this.oauthService.loadUserProfile(); }); 
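Review bot: In the `if (state)` branch of the `@@ -1253,7` hunk the caller's state is now percent-encoded before it is joined to the nonce, but nothing in this patch touches the return path, so the diff does not show where the value is decoded again. If the code that splits the returned `state` on `nonceStateSeparator` does not call `decodeURIComponent` exactly once, callers will either get `%3F`-style text back or have a literal `%` in their state mangled or rejected. I would record the contract next to the changed line, e.g. `// user part is percent-encoded; decode exactly once on return, after the nonce check`, and add a round-trip test using the sample's `/some-state;p1=1;p2=2?p3=3&p4=4`. The enclosing method starts and ends outside the hunk.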
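Review bot: The added `console.debug('state', this.oauthService.state);` in the `token_received` subscriber lacks the `// tslint:disable-next-line:no-console` line that precedes the other `console.debug` calls visible in this file, so it is inconsistent with them and may trip the lint rule. Because sample code tends to be copied into applications, a short marker would also help: `// debug only: state comes back via the redirect URL, remove before production`. The subscriber sits inside a method that begins outside the hunk.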
@@ -57,7 +58,6 @@ export class AppComponent { // Optional this.oauthService.setupAutomaticSilentRefresh(); - // Display all events this.oauthService.events.subscribe(e => { // tslint:disable-next-line:no-console @@ -70,7 +70,6 @@ export class AppComponent { // tslint:disable-next-line:no-console console.debug('Your session has been terminated!'); }); - } // diff --git a/projects/sample/src/app/home/home.component.ts b/projects/sample/src/app/home/home.component.ts index 4325810a..01ef55e3 100644 --- a/projects/sample/src/app/home/home.component.ts +++ b/projects/sample/src/app/home/home.component.ts @@ -33,7 +33,7 @@ export class HomeComponent implements OnInit { await this.oauthService.loadDiscoveryDocument(); sessionStorage.setItem('flow', 'implicit'); - this.oauthService.initLoginFlow('/some-state;p1=1;p2=2'); + this.oauthService.initLoginFlow('/some-state;p1=1;p2=2?p3=3&p4=4'); // the parameter here is optional. It's passed around and can be used after logging in } @@ -56,7 +56,7 @@ export class HomeComponent implements OnInit { await this.oauthService.loadDiscoveryDocument(); sessionStorage.setItem('flow', 'code'); - this.oauthService.initLoginFlow('/some-state;p1=1;p2=2'); + this.oauthService.initLoginFlow('/some-state;p1=1;p2=2?p3=3&p4=4'); // the parameter here is optional. It's passed around and can be used after logging in }
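Review bot: The comment under `initLoginFlow('/some-state;p1=1;p2=2?p3=3&p4=4')` in the `@@ -33,7` hunk says the value "can be used after logging in" but not that it returns through the redirect URL, which makes it input to validate if the app routes to it. Now that the sample shows a full path with a query string, I would extend the comment, e.g. `// after login, navigate to the returned state only if it is a relative in-app path`. The same applies to the second `initLoginFlow` call in the code-flow hunk (`@@ -56,7`). Both methods begin outside their hunks.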