Commit edb94f555d18cd95831bb8c3b5963c7bea44a089
Fix remove the app_secret config constant from client side code
- The app_secret config constant was not required in the client side code but
by mistake it was included. It is also a potential security leak. Remove the same.
| | | | | 2 | | 2 | |
|---|
| 3 | var Oauth = function(options) { | 3 | var Oauth = function(options) { |
|---|
| 4 | // all necessary params provided? | 4 | // all necessary params provided? |
|---|
| 5 | if(!options.hasOwnProperty('app_id') || !options.hasOwnProperty('app_secret') || | | if(!options.hasOwnProperty('app_id') || !options.hasOwnProperty('app_secret') || |
|---|
| 6 | !options.hasOwnProperty('redirect_uri') || !options.hasOwnProperty('scopes') || | | !options.hasOwnProperty('redirect_uri') || !options.hasOwnProperty('scopes') || |
|---|
| | 5 | if(!options.hasOwnProperty('app_id') || | | | 6 | !options.hasOwnProperty('redirect_uri') || |
|---|
| | 7 | !options.hasOwnProperty('scopes') || |
|---|
| 7 | !options.hasOwnProperty('endpoint')) { | 8 | !options.hasOwnProperty('endpoint')) { |
|---|
| 8 | | 9 | |
|---|
| 9 | throw new Error('All of the - app_id, app_secret, redirect_uri, scopes'+ | | throw new Error('All of the - app_id, app_secret, redirect_uri, scopes'+ |
|---|
| | 10 | throw new Error('All of the - app_id, redirect_uri, scopes'+ | | 10 | ', endpoint - parameters must be provided'); | 11 | ', endpoint - parameters must be provided'); |
|---|
| 11 | return; | 12 | return; |
|---|
| 12 | } | 13 | } |
|---|
| … | | … | |
|---|
| 20 | } | 20 | } |
|---|
| 21 | | 21 | |
|---|
| 22 | this.app_id = options.app_id; | 22 | this.app_id = options.app_id; |
|---|
| 23 | this.app_secret = options.app_secret; | | this.app_secret = options.app_secret; |
|---|
| 24 | this.redirect_uri = options.redirect_uri; | 23 | this.redirect_uri = options.redirect_uri; |
|---|
| 25 | this.scopes = options.scopes.split(','); | 24 | this.scopes = options.scopes.split(','); |
|---|
| 26 | this.endpoint = options.endpoint; | 25 | this.endpoint = options.endpoint; |
|---|
| | | | | 291 | // initialize the oauth stuff | 291 | // initialize the oauth stuff |
|---|
| 292 | this.oauth = new Oauth({ | 292 | this.oauth = new Oauth({ |
|---|
| 293 | app_id: swtr.app_id, | 293 | app_id: swtr.app_id, |
|---|
| 294 | app_secret: swtr.app_secret, | | app_secret: swtr.app_secret, |
|---|
| 295 | endpoint: swtr.swtstoreURL() + swtr.endpoints.auth, | 294 | endpoint: swtr.swtstoreURL() + swtr.endpoints.auth, |
|---|
| 296 | redirect_uri: swtr.oauth_redirect_uri, | 295 | redirect_uri: swtr.oauth_redirect_uri, |
|---|
| 297 | scopes: 'email,sweet' | 296 | scopes: 'email,sweet' |
|---|
| | | | | 102 | swtr.access_token = '{{ access_token }}'; | 102 | swtr.access_token = '{{ access_token }}'; |
|---|
| 103 | swtr.refresh_token = '{{ refresh_token }}'; | 103 | swtr.refresh_token = '{{ refresh_token }}'; |
|---|
| 104 | swtr.app_id = '{{ config.app_id }}'; | 104 | swtr.app_id = '{{ config.app_id }}'; |
|---|
| 105 | swtr.app_secret = '{{ config.app_secret }}'; | | swtr.app_secret = '{{ config.app_secret }}'; |
|---|
| 106 | swtr.oauth_redirect_uri = '{{ config.redirect_uri }}'; | 105 | swtr.oauth_redirect_uri = '{{ config.redirect_uri }}'; |
|---|
| 107 | window.onload = function() { | 106 | window.onload = function() { |
|---|
| 108 | swtr.init(); | 107 | swtr.init(); |
|---|
