
@thomsbg
Created October 3, 2018 18:53
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 7bc58a561..94cb82b7f 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -1,6 +1,7 @@
var express = require('express');
var passport = require('../../shared/passport');
var router = express.Router();
+var crypto = require('crypto');
// Reset session, return to login page
router.get('/auth/reset', checkSession, resetSession);
@@ -9,7 +10,14 @@ router.use(passport.initialize());
router.use(authenticateSession);
// The main entry point for logging in via Chorus
-router.get('/auth/chorus', passport.authenticate('oauth2'));
+router.get('/auth/chorus', (req, res, next) => {
+ const token = crypto.randomFillSync(Buffer.alloc(48)).toString('hex');
+ const state = JSON.stringify({
+ origin_host: req.hostname,
+ token
+ });
+ passport.authenticate('oauth2', { state })(req, res, next);
+});
// The callback URL we register for the Anthem oauth application
router.get('/auth/chorus/callback',
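Review bot: The `token` built in the new `/auth/chorus` handler goes into `state` but is not saved server-side anywhere in this hunk, so the callback has nothing to compare the returned value against and the token gives no CSRF protection for the OAuth flow. Assuming a session is available at this point, bind it before the redirect, for example `req.session.oauthStateToken = token;` (field name is illustrative), and have the callback reject any mismatch using a constant-time comparison. `origin_host` is copied from `req.hostname`, which reflects the request's Host header (or `X-Forwarded-Host` when Express's trust proxy setting is enabled), so the callback should check it against an allowlist of known hosts before using it for a redirect. The callback handler only begins on the last line of the hunk and its body is outside it, so whether either check already exists cannot be confirmed from here.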