From dd84f525fc092661e2c52c11c8575343bb7892df Mon Sep 17 00:00:00 2001
From: Will Hunt <willh@matrix.org>
Date: Wed, 1 Dec 2021 11:01:37 +0000
Subject: [PATCH] Fix state bug

---
 src/Bridge.ts               | 16 ++++++++++------
 src/Github/AdminCommands.ts |  3 +++
 src/UserTokenStore.ts       |  8 +++++---
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/src/Bridge.ts b/src/Bridge.ts
index 276b0b15..eba0ff4a 100644
--- a/src/Bridge.ts
+++ b/src/Bridge.ts
@@ -416,7 +416,7 @@ export class Bridge {
         );
     
         this.queue.on<OAuthRequest>("jira.oauth.response", async (msg) => {
-            const userId = this.tokenStore.getUserIdForOAuthState(msg.data.state);
+            const userId = this.tokenStore.getUserIdForOAuthState(msg.data.state, false);
             await this.queue.push<boolean>({
                 data: !!(userId),
                 sender: "Bridge",
@@ -425,13 +425,17 @@ export class Bridge {
             });
         });
 
-        this.queue.on<JiraOAuthResult>("jira.oauth.tokens", async (msg) => {
-            const userId = this.tokenStore.getUserIdForOAuthState(msg.data.state);
-            if (!userId) {
-                log.warn("Could not find admin room for successful tokens request. This shouldn't happen!");
+        this.queue.on<JiraOAuthResult>("jira.oauth.tokens", async ({data}) => {
+            if (!data.state) {
+                log.warn("Missing `state` on `jira.oauth.tokens` event. This shouldn't happen!");
                 return;
             }
-            await this.tokenStore.storeUserToken("jira", userId, JSON.stringify(msg.data));
+            const userId = this.tokenStore.getUserIdForOAuthState(data.state);
+            if (!userId) {
+                log.warn("Could not find internal state for successful tokens request. This shouldn't happen!");
+                return;
+            }
+            await this.tokenStore.storeUserToken("jira", userId, JSON.stringify(data));
 
             // Some users won't have an admin room and would have gone through provisioning.
             const adminRoom = this.adminRooms.get(userId);
diff --git a/src/Github/AdminCommands.ts b/src/Github/AdminCommands.ts
index 43eb008d..fc031a3a 100644
--- a/src/Github/AdminCommands.ts
+++ b/src/Github/AdminCommands.ts
@@ -20,6 +20,9 @@ export class GitHubBotCommands extends AdminRoomCommandHandler {
         if (!this.config.github) {
             throw new CommandError("no-github-support", "The bridge is not configured with GitHub support");
         }
+        if (!this.config.github.oauth) {
+            throw new CommandError("no-github-support", "The bridge is not configured with GitHub OAuth support");
+        }
         const state = this.tokenStore.createStateForOAuth(this.userId);
         return this.sendNotice(`To login, open ${generateGitHubOAuthUrl(this.config.github.oauth.client_id, this.config.github.oauth.redirect_uri, state)} to link your account to the bridge`);
     }
diff --git a/src/UserTokenStore.ts b/src/UserTokenStore.ts
index ae21f9c7..3c96feab 100644
--- a/src/UserTokenStore.ts
+++ b/src/UserTokenStore.ts
@@ -134,13 +134,15 @@ export class UserTokenStore {
         return state;
     }
 
-    public getUserIdForOAuthState(state: string) {
+    public getUserIdForOAuthState(state: string, remove = true) {
         const result = this.oauthSessionStore.get(state);
         if (!result) {
             return null;
         }
-        clearTimeout(result.timeout);
-        this.oauthSessionStore.delete(state);
+        if (remove) {
+            clearTimeout(result.timeout);
+            this.oauthSessionStore.delete(state);
+        }
         return result.userId;
     }
 }