fixes for Lucho's review

joshcanhelp · joshcanhelp · commit 4246215e6932 · 2018-03-02T13:38:20.000-08:00
diff --git a/README.md b/README.md
@@ -26,8 +26,8 @@ Check our docs page to get a complete guide on how to install it in an existing
 
 ## Security Upgrade Notes 5.1.0+
 
-**State validation** is now default behaviour for improved security. By default this will automatically use **Session Storage** and will
-apply if you are using the combination of the `Auth0->login()` method to call the `/authorize` endpoint and using any method which calls the `Auth0->exchange()` method in your callback.
+**State validation** is now default behaviour for improved security. By default this will automatically use **Session Storage** and will apply if you are using the combination of the `Auth0->login()` method to call the `/authorize` endpoint and using any method which calls the `Auth0->exchange()` method in your callback.
+
 If you require custom storage methods you can implement your own [StateHandler](https://github.com/auth0/auth0-PHP/blob/master/src/API/Helpers/State/StateHandler.php) and set it using the `state_handler` key when you initialize an `Auth0` instance.
 
 **Important:** If you are using the `Auth0->exchange()` and using a method other than `Auth0->login()` to generate the Authorize URL you can disable the *StateHandler* by setting the `state_handler` key to `false` when you initialize the `Auth0` instance. However, it is **Highly Recommended** to implement state validation.
diff --git a/src/API/Helpers/State/SessionStateHandler.php b/src/API/Helpers/State/SessionStateHandler.php
@@ -3,7 +3,6 @@
 namespace Auth0\SDK\API\Helpers\State;
 
 use Auth0\SDK\Store\SessionStore;
-use Auth0\SDK\Exception\CoreException;
 
 /*
  * This file is part of Auth0-PHP package.
@@ -54,10 +53,12 @@ public function store($state) {
     
     /**
      * Perform validation of the returned state with the previously generated state.
-     * 
-     * @param  string $state
-     * 
-     * @throws exception
+     *
+     * @param string $state
+     *
+     * @return bool
+     *
+     * @throws \Exception
      */
     public function validate($state) {
         $valid = $this->store->get(self::STATE_NAME) == $state;
diff --git a/src/API/Helpers/State/StateHandler.php b/src/API/Helpers/State/StateHandler.php
@@ -18,7 +18,8 @@
  *
  * @author Auth0
  */
-interface StateHandler {
+interface StateHandler
+{
 
     /**
      * Generate state value to be used for the state param value during authorization.
diff --git a/src/Auth0.php b/src/Auth0.php
@@ -273,8 +273,8 @@ public function login($state = null, $connection = null, $additional_params = []
     }
 
     $params['response_mode'] = $this->response_mode;
-
-    if($additional_params) {
+    
+    if( ! empty( $additional_params ) && is_array( $additional_params ) ) {
       $params = array_replace($params, $additional_params);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,8 @@`
`18`	`18`	`*`
`19`	`19`	`* @author Auth0`
`20`	`20`	`*/`
`21`		`-interface StateHandler {`
	`21`	`+interface StateHandler`
	`22`	`+{`
`22`	`23`
`23`	`24`	`/**`
`24`	`25`	`* Generate state value to be used for the state param value during authorization.`
Original file line number	Diff line number	Diff line change
`@@ -273,8 +273,8 @@ public function login($state = null, $connection = null, $additional_params = []`
`273`	`273`	`}`
`274`	`274`
`275`	`275`	`$params['response_mode'] = $this->response_mode;`
`276`		`-`
`277`		`- if($additional_params) {`
	`276`	`+`
	`277`	`+ if( ! empty( $additional_params ) && is_array( $additional_params ) ) {`
`278`	`278`	`$params = array_replace($params, $additional_params);`
`279`	`279`	`}`
`280`	`280`