From c52fdf9f9f79794702c956d655d22e5d84354b07 Mon Sep 17 00:00:00 2001
From: Athou
Date: Mon, 15 Apr 2013 10:29:12 +0200
Subject: [PATCH] security fix, reuse session instead of passing the user to the state

---
 .../commafeed/frontend/pages/GoogleImportCallbackPage.java | 4 ++--
 .../commafeed/frontend/pages/GoogleImportRedirectPage.java | 3 ---
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/main/java/com/commafeed/frontend/pages/GoogleImportCallbackPage.java b/src/main/java/com/commafeed/frontend/pages/GoogleImportCallbackPage.java
index d6db2c4d..9ae33bb1 100644
--- a/src/main/java/com/commafeed/frontend/pages/GoogleImportCallbackPage.java
+++ b/src/main/java/com/commafeed/frontend/pages/GoogleImportCallbackPage.java
@@ -14,6 +14,7 @@ import com.commafeed.backend.dao.UserDAO;
 import com.commafeed.backend.feeds.OPMLImporter;
 import com.commafeed.backend.model.ApplicationSettings;
 import com.commafeed.backend.services.ApplicationSettingsService;
+import com.commafeed.frontend.CommaFeedSession;
 import com.commafeed.frontend.utils.WicketUtils;
 import com.commafeed.frontend.utils.exception.DisplayException;
 import com.google.api.client.auth.oauth2.AuthorizationCodeResponseUrl;
@@ -89,8 +90,7 @@ public class GoogleImportCallbackPage extends WebPage {
 BearerToken.authorizationHeaderAccessMethod().intercept(
 httpRequest, accessToken);
 String opml = httpRequest.execute().parseAsString();
- String state = responseUrl.getState();
- importer.importOpml(userDAO.findById(Long.valueOf(state)), opml);
+ importer.importOpml(CommaFeedSession.get().getUser(), opml);
 } catch (Exception e) {
 throw new DisplayException(e);
 }
diff --git a/src/main/java/com/commafeed/frontend/pages/GoogleImportRedirectPage.java b/src/main/java/com/commafeed/frontend/pages/GoogleImportRedirectPage.java
index aa17082f..3899c607 100644
--- a/src/main/java/com/commafeed/frontend/pages/GoogleImportRedirectPage.java
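Review bot: Removing the `state` parameter outright (on the `+ importer.importOpml(...)` line here, and in the GoogleImportRedirectPage hunk that stops sending it) leaves the callback with no way to tell that the authorization response belongs to a flow this session started, so it will accept any code Google exchanges and import the resulting OPML into whoever is currently logged in; OAuth 2.0 expects `state` to be an unguessable per-session nonce that the callback verifies, which also fixes the original problem of a caller-chosen user id. The redirect page should generate the nonce with `SecureRandom`, keep it in the session and send it as `state`, and this page should compare `responseUrl.getState()` against the stored value with `MessageDigest.isEqual` before the code exchange, rejecting on mismatch or absence (the check belongs above the hunk, where `responseUrl` is parsed). `CommaFeedSession.get().getUser()` is presumably null once the login session lapses during the Google round trip — confirm — in which case the import would fail inside the broad `catch (Exception e)` as an opaque DisplayException instead of a redirect to login, so a null check with a clearer outcome is worth adding. If this was the only use of `userDAO`, the `UserDAO` import and field look unused now. The enclosing method starts before the hunk and continues past it.
```java
// … unchanged: parse responseUrl …
// PLACEHOLDER: storedStateNonce is the nonce GoogleImportRedirectPage put in the session before redirecting
String expectedState = storedStateNonce;
String state = responseUrl.getState();
if (state == null || expectedState == null
        || !MessageDigest.isEqual(state.getBytes(StandardCharsets.UTF_8),
                expectedState.getBytes(StandardCharsets.UTF_8))) {
    throw new DisplayException(new IllegalStateException("OAuth state mismatch"));
}
// … unchanged: code exchange, httpRequest.execute().parseAsString() …
importer.importOpml(CommaFeedSession.get().getUser(), opml);
```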
+++ b/src/main/java/com/commafeed/frontend/pages/GoogleImportRedirectPage.java
@@ -11,7 +11,6 @@ import org.jboss.logging.Logger;
 
 import com.commafeed.backend.model.ApplicationSettings;
 import com.commafeed.backend.services.ApplicationSettingsService;
-import com.commafeed.frontend.CommaFeedSession;
 
 @SuppressWarnings("serial")
 public class GoogleImportRedirectPage extends WebPage {
@@ -40,8 +39,6 @@ public class GoogleImportRedirectPage extends WebPage {
 builder.addParameter("scope", SCOPE);
 builder.addParameter("approval_prompt", "force");
 builder.addParameter("client_id", clientId);
- builder.addParameter("state",
- String.valueOf(CommaFeedSession.get().getUser().getId()));
 throw new RedirectToUrlException(builder.build().toString());
 } catch (URISyntaxException e) {