generateStateFunction not called anymore when using custom start redirect handler
Closed this issue · 1 comments
dmidz commented
Prerequisites
- I have written a descriptive issue title
- I have searched existing issues to ensure the regression has not already been reported
Last working version
7.1.1
Stopped working in version
7.2.0
Node.js version
16.x
Operating system
Linux
Operating system version (i.e. 20.04, 11.3, 10)
Debian 10.9
💥 Regression Report
generateStateFunction not called anymore when using custom start redirect handler.
It seems the call has been moved from generateAuthorizationUri ( used in custom handler ) to startRedirectHandler.
So indeed state could not be generated & then compared.
Steps to Reproduce
OAuth options
...
generateStateFunction: ( request ) => {//__ this one is not called anymore
const state = {
code: crypto.randomBytes( 10 ).toString( 'hex' ),
redirect: request.query.redirect,
};
logger.debug( { state }, 'generateStateFunction' );
stateParameters.set( state.code, state );
return state.code;
},
checkStateFunction: ( request, callback ) => {//__ so request.query.state = "undefined"
logger.debug({ queryState: request.query }, 'checkStateFunction');
const state = stateParameters.get( request.query.state );
if( !state ){
callback( new Error( 'InvalidState' ) );
}
callback();
}
...
Custom start redirect handle
fastify.route( {
url: options.pathPrefix,
method: 'GET',
config: { public: true },
handler: async ( request, reply ) => {
try {
const authorizationEndpoint = fastify.googleOAuth2.generateAuthorizationUri( request );
reply.redirect( authorizationEndpoint );
} catch( err ) {
logger.error( err, 'OAuthRedirectError' );
return fastify.httpErrors.unauthorized();
}
}
} );
Expected Behavior
The generateStateFunction to be called when using a custom handler using generateAuthorizationUri.
dmidz commented
I am working on the fix.