Results
16.01.2023
dependent_country_state 1.0.6 ::
src/Controller/StateController.php
$country = $this->getRequest->getCurrentRequest()->query->get('country');
$state = $this->getRequest->getCurrentRequest()->query->get('state');
$query = $this->dbConnection->select('dependent_state"', 'st');
if (!empty($country)) {
$query = $query->condition('st.countryId', $country, '=');
} 15.07.2025
config_preview_deploy 1.0.0-alpha3 ::
src/Controller/OAuthController.php
public function callback(Request $request): RedirectResponse {
$code = $request->query->get('code');
$state = $request->query->get('state');
$error = $request->query->get('error');
// Check for OAuth errors.
if ($error) {
$error_description = $request->query->get('error_description', 'Unknown OAuth error');
$this->messenger()->addError($this->t('OAuth authorization failed: @error - @description', [ 13.06.2025
contrib_todo_list 1.1.1 ::
src/Controller/TodoController.php
*/
public function listUserTodos(Request $request): array {
$state_filter = $request->query->get('state');
$share_filter = $request->query->get('share');
if (!in_array($state_filter, TodoState::getStateKeys())) {
$state_filter = null;
}
$filters = [ 08.09.2025
link_orcid 1.0.0-rc1 ::
src/Controller/OrcidController.php
public function callback(Request $request): RedirectResponse {
$code = $request->query->get('code');
$state = $request->query->get('state');
$saved_state = $request->getSession()->get('link_orcid_state');
if (!$code || !$state || !$saved_state || !hash_equals((string) $saved_state, (string) $state)) {
$this->messenger->addError($this->t('Missing or invalid parameters from ORCID.'));
return $this->redirectToProfile();
} 16.06.2020
acquia_connector 8.x-1.22 ::
src/Controller/AuthController.php
assert($request !== NULL);
$code = $request->query->get('code', '');
$state = $request->query->get('state', '');
try {
$this->authService->finalize($code, $state);
return new RedirectResponse(
Url::fromRoute('acquia_connector.setup_configure')->toString()
); 10.07.2020
auth0 8.x-2.4 ::
src/Controller/AuthController.php
// State value is validated in $this->auth0->getUser() above.
$returnTo = NULL;
$validatedState = $request->query->get('state');
$currentSession = $this->tempStore->get(AuthController::STATE);
if (!empty($currentSession[$validatedState])) {
$returnTo = $currentSession[$validatedState];
unset($currentSession[$validatedState]);
} 08.11.2020
authman 1.x-dev ::
src/Access/AuthmanAuthorizationCodeReceive.php
*/
public function access(Request $request, AuthmanAuthInterface $authman_auth): AccessResultInterface {
$state = $request->query->get('state');
$code = $request->query->get('code');
if (empty($state) || empty($code)) {
// DefaultExceptionHtmlSubscriber::on4xx captures this.
throw new BadRequestHttpException('Missing query arguments');
} 11.08.2020
bankid_oidc 1.x-dev ::
src/Controller/LoginController.php
/** @noinspection NullPointerExceptionInspection */
$session__state = $request->getSession()->get(self::SESSION_OAUTH_STATE_NAME);
$request__state = $request->query->get('state');
// Both 'states' need to have a value.
if ($session__state === NULL || $request__state === NULL) {
return FALSE;
}
return $session__state === $request__state; 24.05.2020
commerce_square 8.x-1.x-dev ::
src/Controller/OauthToken.php
// $request is not passed in to _custom_access.
// @see https://www.drupal.org/node/2786941
if ($this->csrfToken->validate($this->currentRequest->query->get('state'))) {
return AccessResult::allowed();
}
return AccessResult::forbidden('Could not validate state in OAuth validation handshake.');
} 07.11.2021
docusign_signature 1.0.x-dev ::
src/DocuSignAuth/CodeGrant.php
$provider = $this->getOauthProvider();
$request = \Drupal::requestStack()->getCurrentRequest();
$state = $request->query->get('state');
// Check given state against previously stored one to mitigate CSRF attack.
if (
empty($state) ||
(
!empty($this->tempStore->get('oauth2state')) && 02.06.2020
drupalauth4ssp 8.x-1.1 ::
src/EventSubscriber/DrupalAuthForSSPSubscriber.php
if ($isLoginRequest && $responseIsHttpFound && $returnTo) {
$request = Request::create($returnTo);
if ($stateId = $request->query->get('State')) {
$this->sspHandler->saveIdToStat($this->accountProxy->id(), $stateId);
}
$response->setTargetUrl($returnTo);
$event->stopPropagation();
}
} 02.06.2020
drupalauth4ssp 8.x-1.1 ::
drupalauth4ssp.module
if (!empty($returnTo) && $sspHandler->returnPathIsAllowed($returnTo)) {
$request = Request::create($returnTo);
if ($stateId = $request->query->get('State')) {
$sspHandler->saveIdToStat($account->id(), $stateId);
}
}
}
/** 24.05.2020
externalauth_gitlab 8.x-1.x-dev ::
src/Controller/LoginController.php
$code = $request->query->get('code');
$state = $request->query->get('state');
if (!$code) {
// If we don't have an authorization code then get one.
$authUrl = $provider->getAuthorizationUrl();
$oauth2_state = $provider->getState(); 03.08.2020
id4me 2.0.x-dev ::
src/Controller/RedirectController.php
// ensure that the user, not a malicious script, is making the request.
$query = $this->requestStack->getCurrentRequest()->query;
$state_token = $query->get('state');
if ($state_token && StateToken::confirm($state_token)) {
return AccessResult::allowed();
}
return AccessResult::forbidden();
}
else {
// Process the login or connect operations.
$this->id4meService->setState($query->get('state'));
$authorizationTokens = $this->id4meService->getAuthorizationTokens($query->get('code'));
$userInfo = $this->id4meService->getUserInfo();
$account = $this->authmapService->userLoadByIdentifier(
$authorizationTokens->getIdTokenDecoded()->getIss(),
$authorizationTokens->getIdTokenDecoded()->getSub() 25.05.2025
nextcloud_webdav_client 1.0.x-dev ::
src/Controller/OAuth2CallbackController.php
$error = $request->query->get('error');
$error_description = $request->query->get('error_description');
$state = $request->query->get('state');
// Validate CSRF state parameter.
$session = $request->getSession();
$stored_state = $session->get('nextcloud_oauth2_state');
$state_time = $session->get('nextcloud_oauth2_state_time'); 25.05.2025
nextcloud_webdav_client 1.0.x-dev ::
src/Controller/NextCloudUserOAuth2Controller.php
$error = $request->query->get('error');
$error_description = $request->query->get('error_description');
$state = $request->query->get('state');
$current_user = $this->currentUser();
$user = $this->entityTypeManager()->getStorage('user')->load($current_user->id());
// Validate CSRF state parameter.
$session = $request->getSession(); 06.08.2020
oauth2_client 8.x-3.x-dev ::
src/Controller/OauthResponse.php
throw new \UnexpectedValueException("The code query parameter is missing.");
}
$state = $this->requestStack->getCurrentRequest()->query->get('state');
if (empty($state)) {
throw new \UnexpectedValueException("The state query parameter is missing.");
}
$oauth2Client = $this->entityTypeManager()->getStorage('oauth2_client')->load($clientId);
if (!($oauth2Client instanceof Oauth2Client)) {
throw new NotFoundHttpException(); 20.10.2020
oidc 1.0.0-alpha2 ::
src/Access/OpenidConnectRedirectAccessCheck.php
$state = $this->session->getState();
if ($state === NULL || $state !== $request->query->get('state')) {
return AccessResult::forbidden();
}
return AccessResult::allowed();
} 03.01.2020
patreon 8.x-2.x-dev ::
src/Controller/PatreonController.php
// Get the variables we need.
$code = $this->stack->getCurrentRequest()->query->get('code');
$state = $this->stack->getCurrentRequest()->query->get('state');
$session = $this->stack->getCurrentRequest()->getSession();
$session_state = $session->get('oauth2state');
// Now we have what we need, we can clear out the session for security
// reasons. 01.07.2020
quickbooks_api 8.x-1.0-beta4 ::
src/Access/AuthAccess.php
public function access() {
$auth_state = $this->state->get(QuickbooksService::STATE_OAUTH_SECURITY);
$query_state = $this->requestStack->getMainRequest()->query->get('state');
if ($auth_state !== $query_state) {
return AccessResult::forbidden("Invalid authorization state query parameter.");
}
return AccessResult::allowed(); 