From f997f573bac4d40584b191929dc5d0496f02b0ce Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 28 Apr 2022 11:44:07 +0200
Subject: [PATCH] Use a session for state parameter in Ueberauth callback
 controller

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 lib/web/controllers/auth_controller.ex | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/web/controllers/auth_controller.ex b/lib/web/controllers/auth_controller.ex
index 49a12b5a9..f1ba410e8 100644
--- a/lib/web/controllers/auth_controller.ex
+++ b/lib/web/controllers/auth_controller.ex
@@ -7,6 +7,14 @@ defmodule Mobilizon.Web.AuthController do
   require Logger
   plug(:put_layout, false)
 
+  config = Application.get_env(:mobilizon, Mobilizon.Web.Endpoint, [])
+
+  plug(Plug.Session,
+    store: :cookie,
+    key: "_auth_callback",
+    signing_salt: Keyword.get(config, :secret_key_base)
+  )
+
   plug(Ueberauth)
 
   @spec request(Plug.Conn.t(), map()) :: Plug.Conn.t()