From e2e999014f768a559c6edb37efbe379e2092fc06 Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Mon, 8 May 2017 10:53:46 -0400
Subject: [PATCH] Add temporary parameter to ignore state with oauth2 basic

---
 config/locales/server.en.yml | 1 +
 config/settings.yml | 1 +
 plugin.rb | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index cc84e99..eb9096d 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -14,4 +14,5 @@ en:
 oauth2_send_auth_header: "Send the token as an HTTP Authorization header"
 oauth2_debug_auth: "Include rich debugging information in your logs"
 oauth2_authorize_options: "When authorizing request these options"
+ oauth2_ignore_state: "Don't validate the state parameter. This will be removed shortly!"
diff --git a/config/settings.yml b/config/settings.yml
index 1a73d22..644caaf 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -14,6 +14,7 @@ login:
 oauth2_email_verified: false
 oauth2_send_auth_header: true
 oauth2_debug_auth: false
+ oauth2_ignore_state: true
 oauth2_authorize_options:
 default: 'scope'
 type: list
diff --git a/plugin.rb b/plugin.rb
index 22c6e22..9166d5f 100644
--- a/plugin.rb
+++ b/plugin.rb
@@ -29,7 +29,7 @@ class OAuth2BasicAuthenticator < ::Auth::OAuth2Authenticator
 opts = env['omniauth.strategy'].options
 opts[:client_id] = SiteSetting.oauth2_client_id
 opts[:client_secret] = SiteSetting.oauth2_client_secret
- opts[:provider_ignores_state] = true
+ opts[:provider_ignores_state] = SiteSetting.oauth2_ignore_state
 opts[:client_options] = {
 authorize_url: SiteSetting.oauth2_authorize_url,
 token_url: SiteSetting.oauth2_token_url
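Review bot: The new `oauth2_ignore_state` setting in config/settings.yml defaults to `true`, so every site keeps skipping validation of the OAuth2 `state` parameter until an admin turns it off, and the plugin.rb hunk passes that value straight into `opts[:provider_ignores_state]`. The `state` value is what binds the callback to the browser session that started the login, so leaving it unchecked removes the CSRF protection on the callback. Consider shipping the safe default, `oauth2_ignore_state: false`, so the bypass becomes an explicit opt-in for providers that do not echo `state`; if existing deployments are believed to depend on the old hard-coded behaviour, that trade-off should be stated in the commit message. The locale text only says the setting will be removed shortly; it would help admins if it also named the consequence, for example `"Don't validate the state parameter (disables CSRF protection on the login callback). Temporary; will be removed."`. The setup block in plugin.rb starts and ends outside the hunk, so how the option is consumed further down is not visible here.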