Fixed CSRF issue

state object was saved in encoded form and was retrieved in decoded one
ArkeologeN · Apr 4, 2016 · e2d5683 · e2d5683
1 parent d2f91c9
commit e2d5683
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/auth.js b/lib/auth.js
@@ -36,11 +36,12 @@
                 res = null;
             }
 
-            state = encodeURIComponent(state || newState());
+            state = state || newState();
             redirectURI = redirectURI || args.callback;
             states[state] = {
                 redirectURI: redirectURI,
             };
+            state = encodeURIComponent(state);
 
             var url = util.format("https://www.linkedin.com/uas/oauth2/authorization?response_type=code" +
                 "&client_id=%s" +