From 40ab956e4b7c245e06078b5295cb6ee5e5f13133 Mon Sep 17 00:00:00 2001 From: Ludovic Landry Date: Mon, 21 Oct 2019 19:48:52 -0700 Subject: [PATCH] Make sure we only handle urls that are for Strava and not any url containing a code too (Foursquare redirect urls also contain a code for example) --- Sources/StravaSwift/StravaClient.swift | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Sources/StravaSwift/StravaClient.swift b/Sources/StravaSwift/StravaClient.swift index e7ab085..39e1183 100644 --- a/Sources/StravaSwift/StravaClient.swift +++ b/Sources/StravaSwift/StravaClient.swift @@ -142,10 +142,12 @@ extension StravaClient: ASWebAuthenticationPresentationContextProviding { Helper method to get the code from the redirection from Strava after the user has authorized the application (useful in AppDelegate) - Parameter url the url returned by Strava through the (ASWeb/SF)AuthenricationSession or application open options. - - Returns: a boolean that indicates if this url has a code and is been handled + - Returns: a boolean that indicates if this url is for Strava, has a code and can be handled properly **/ public func handleAuthorizationRedirect(_ url: URL) -> Bool { - if url.getQueryParameters()?["code"] != nil { + if let redirectUri = config?.redirectUri, url.absoluteString.starts(with: redirectUri), + let params = url.getQueryParameters(), params["code"] != nil, params["scope"] != nil, params["state"] == "ios" { + self.handleAuthorizationRedirect(url) { result in if let currentAuthorizationHandler = self.currentAuthorizationHandler { currentAuthorizationHandler(result) @@ -190,6 +192,7 @@ extension StravaClient: ASWebAuthenticationPresentationContextProviding { result(.failure(error)) } } + /** Refresh an OAuth token from Strava