From edb94f555d18cd95831bb8c3b5963c7bea44a089 Mon Sep 17 00:00:00 2001 From: Anon Ray Date: Mon, 25 Aug 2014 19:00:53 +0530 Subject: [PATCH] Fix remove the app_secret config constant from client side code - The app_secret config constant was not required in the client side code but by mistake it was included. It is also a potential security leak. Remove the same. --- swtr/static/js/oauth.js | 8 ++++---- swtr/static/js/swtmaker.js | 1 - swtr/templates/index.html | 1 - 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/swtr/static/js/oauth.js b/swtr/static/js/oauth.js index 76d1a7a..4b51440 100644 --- a/swtr/static/js/oauth.js +++ b/swtr/static/js/oauth.js @@ -2,11 +2,12 @@ var Oauth = function(options) { // all necessary params provided? - if(!options.hasOwnProperty('app_id') || !options.hasOwnProperty('app_secret') || - !options.hasOwnProperty('redirect_uri') || !options.hasOwnProperty('scopes') || + if(!options.hasOwnProperty('app_id') || + !options.hasOwnProperty('redirect_uri') || + !options.hasOwnProperty('scopes') || !options.hasOwnProperty('endpoint')) { - throw new Error('All of the - app_id, app_secret, redirect_uri, scopes'+ + throw new Error('All of the - app_id, redirect_uri, scopes'+ ', endpoint - parameters must be provided'); return; } @@ -19,7 +20,6 @@ } this.app_id = options.app_id; - this.app_secret = options.app_secret; this.redirect_uri = options.redirect_uri; this.scopes = options.scopes.split(','); this.endpoint = options.endpoint; diff --git a/swtr/static/js/swtmaker.js b/swtr/static/js/swtmaker.js index cca8d73..8131ce8 100644 --- a/swtr/static/js/swtmaker.js +++ b/swtr/static/js/swtmaker.js @@ -291,7 +291,6 @@ // initialize the oauth stuff this.oauth = new Oauth({ app_id: swtr.app_id, - app_secret: swtr.app_secret, endpoint: swtr.swtstoreURL() + swtr.endpoints.auth, redirect_uri: swtr.oauth_redirect_uri, scopes: 'email,sweet' diff --git a/swtr/templates/index.html b/swtr/templates/index.html index 82ebc62..b943897 100644 
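Review bot: The presence check at the top of `Oauth` stops requiring `app_secret` but still silently accepts an options object that carries it, so a call site missed by this cleanup, or a later regression, would go unnoticed. As this constructor only runs in the browser, it could refuse the key outright: `if (options.hasOwnProperty('app_secret')) { throw new Error('app_secret must not be passed to client-side code'); }`. The `return;` after the `throw` in the same block is unreachable and can be dropped. Judging by the `index.html` line removed further down, the value was rendered into the page for every visitor, so the existing secret should be treated as disclosed and rotated at the provider; removing it from the source does not revoke it. The constructor body continues outside the hunk.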
--- a/swtr/templates/index.html
+++ b/swtr/templates/index.html
@@ -102,7 +102,6 @@
 swtr.access_token = '{{ access_token }}';
 swtr.refresh_token = '{{ refresh_token }}';
 swtr.app_id = '{{ config.app_id }}';
- swtr.app_secret = '{{ config.app_secret }}';
 swtr.oauth_redirect_uri = '{{ config.redirect_uri }}';
 window.onload = function() {
 swtr.init();
-- 
1.7.10.4