Commit 372bf848 authored by Robert Knight

Do not try to use an auth code more than once.

Auth codes can only be used once, so clear the code just before
performing token exchange to ensure that it is not reused later.
parent 375b5743
...@@ -241,7 +241,9 @@ function auth($http, $rootScope, $window, flash, localStorage, random, settings) ...@@ -241,7 +241,9 @@ function auth($http, $rootScope, $window, flash, localStorage, random, settings)
} else if (authCode) { } else if (authCode) {
// Exchange authorization code retrieved from login popup for a new // Exchange authorization code retrieved from login popup for a new
// access token. // access token.
tokenInfoPromise = exchangeAuthCode(authCode).then((tokenInfo) => { var code = authCode;
authCode = null; // Auth codes can only be used once.
tokenInfoPromise = exchangeAuthCode(code).then((tokenInfo) => {
saveToken(tokenInfo); saveToken(tokenInfo);
return tokenInfo; return tokenInfo;
}); });
......
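Review bot: The `.then()` on `exchangeAuthCode(code)` has no rejection handler in the visible lines. Now that `authCode` is set to null before the request, a failed exchange leaves `tokenInfoPromise` holding a rejected promise and no code to retry with. Clearing the code first is the right order for a single-use credential, but please either add a rejection path here that resets `tokenInfoPromise` so the user is sent back through login, or confirm that callers outside this hunk already handle it. Minor style point on the added `var code = authCode;` line: the surrounding code already uses arrow functions, so `const code = authCode;` would fit better and make clear the local copy is never reassigned.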