Merge pull request #89 from hypothesis/remove-assertion-param

Remove "assertion" GET param from token requests

Merge pull request #89 from hypothesis/remove-assertion-param
Remove "assertion" GET param from token requests
7b4723c8 · Robert Knight · GitHub · 326b4518 · e0e23bde · 7b4723c8
Commit 7b4723c8 authored Sep 06, 2016 by Robert Knight Committed by GitHub Sep 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 6 deletions

auth.js h/static/scripts/auth.js +2 -5

auth-test.js h/static/scripts/test/auth-test.js +0 -1

No files found.
--- a/h/static/scripts/auth.js
+++ b/h/static/scripts/auth.js
@@ -24,12 +24,9 @@ var cachedToken = INITIAL_TOKEN;
 * @return {Promise} - A promise for a new JWT token.
 */
 // @ngInject
-function fetchToken($http, session, settings) {
+function fetchToken($http, settings) {
  var tokenUrl = new URL('token', settings.apiUrl).href;
  var config = {
-    params: {
-      assertion: session.state.csrf,
-    },
    // Skip JWT authorization for the token request itself.
    skipAuthorization: true,
    transformRequest: function (data) {
@@ -50,7 +47,7 @@ function fetchToken($http, session, settings) {
 // @ngInject
 function fetchOrReuseToken($http, jwtHelper, session, settings) {
  function refreshToken() {
-    return fetchToken($http, session, settings).then(function (token) {
+    return fetchToken($http, settings).then(function (token) {
      return token;
    });
  }

--- a/h/static/scripts/test/auth-test.js
+++ b/h/static/scripts/test/auth-test.js
@@ -16,7 +16,6 @@ describe('auth', function () {
      get: sinon.spy(function (url, config) {
        assert.equal(config.skipAuthorization, true);
        assert.equal(url, 'https://test.hypothes.is/api/token');
-        assert.equal(config.params.assertion, fakeSession.state.csrf);

        var result = {status: 200, data: fakeTokens[fakeTokenIndex]};
        ++fakeTokenIndex;