Skip to content

Commit a96febc

Browse files
Return state from ProcessCodeFlowAsync (#248) (#381)
The Uri overload validated the state parameter but never returned it, so OAuth2Response.State was always null. Thread state through to the inner overload and into the response. Add a test.
1 parent 473811f commit a96febc

2 files changed

Lines changed: 29 additions & 4 deletions

File tree

dropbox-sdk-dotnet/Dropbox.Api.Integration.Tests/DropboxApiTests.cs

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -173,6 +173,30 @@ public async Task TestRefreshClient()
173173
Assert.IsNotNull(result.Email);
174174
}
175175

176+
/// <summary>
177+
/// Tests that ProcessCodeFlowAsync returns the state passed to it.
178+
/// </summary>
179+
/// <returns>The <see cref="Task" />.</returns>
180+
[TestMethod]
181+
public async Task TestProcessCodeFlowReturnsState()
182+
{
183+
const string state = "my-state-value";
184+
var tokenJson = "{\"access_token\":\"token\",\"token_type\":\"bearer\",\"uid\":\"123\"}";
185+
186+
var mockHandler = new MockHttpMessageHandler((r, s) =>
187+
Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK)
188+
{
189+
Content = new StringContent(tokenJson, Encoding.UTF8, "application/json"),
190+
}));
191+
var mockClient = new HttpClient(mockHandler);
192+
193+
var responseUri = new Uri("https://localhost/token?code=the-code&state=" + state);
194+
var response = await DropboxOAuth2Helper.ProcessCodeFlowAsync(
195+
responseUri, "appKey", "appSecret", null, state, mockClient);
196+
197+
Assert.AreEqual(state, response.State);
198+
}
199+
176200
/// <summary>
177201
/// Tests that the token refresh uses the caller-supplied HttpClient.
178202
/// </summary>

dropbox-sdk-dotnet/Dropbox.Api/DropboxOauth2Helper.cs

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -497,8 +497,9 @@ public static OAuth2Response ParseTokenFragment(Uri redirectedUri)
497497
/// again.</param>
498498
/// <param name="client">An optional http client instance used to make requests.</param>
499499
/// <param name="codeVerifier">The code verifier for PKCE flow. If using PKCE, please us the PKCEOauthFlow object.</param>
500+
/// <param name="state">The state to return on the response, if any.</param>
500501
/// <returns>The authorization response, containing the access token and uid of the authorized user.</returns>
501-
public static async Task<OAuth2Response> ProcessCodeFlowAsync(string code, string appKey, string appSecret = null, string redirectUri = null, HttpClient client = null, string codeVerifier = null)
502+
public static async Task<OAuth2Response> ProcessCodeFlowAsync(string code, string appKey, string appSecret = null, string redirectUri = null, HttpClient client = null, string codeVerifier = null, string state = null)
502503
{
503504
if (string.IsNullOrEmpty(code))
504505
{
@@ -573,15 +574,15 @@ public static async Task<OAuth2Response> ProcessCodeFlowAsync(string code, strin
573574
return new OAuth2Response(
574575
json["access_token"].ToString(),
575576
json["uid"].ToString(),
576-
null,
577+
state,
577578
json["token_type"].ToString());
578579
}
579580

580581
return new OAuth2Response(
581582
json["access_token"].ToString(),
582583
refreshToken,
583584
json["uid"].ToString(),
584-
null,
585+
state,
585586
json["token_type"].ToString(),
586587
expiresIn,
587588
scopeList);
@@ -665,7 +666,7 @@ public static Task<OAuth2Response> ProcessCodeFlowAsync(Uri responseUri, string
665666
throw new ArgumentException("The responseUri is missing a code value in the query component.", "responseUri");
666667
}
667668

668-
return ProcessCodeFlowAsync(code, appKey, appSecret, redirectUri, client, codeVerifier);
669+
return ProcessCodeFlowAsync(code, appKey, appSecret, redirectUri, client, codeVerifier, state);
669670
}
670671
}
671672

0 commit comments

Comments
 (0)