Merge branch 'Hotfix/state-verification'

Author: william26

bower.json

@@ -1,6 +1,6 @@
 {
     "name": "oauth-js",
-    "version": "0.2.3",
+    "version": "0.2.4",
     "main": "dist/oauth.min.js",
     "description": "OAuth that just works",
     "license": "apache2",

coffee/lib/oauthio_requests.coffee

@@ -169,7 +169,13 @@ module.exports = ($, config, client_states, cache, providers_api) ->
 				return opts.callback(err)
 			else
 				return
-		if not data.state or client_states.indexOf(data.state) is -1
+
+		#checking if state is known
+		data.state = data.state.replace(/\s+/g,"")
+		for k,v of client_states
+			client_states[k] = v.replace(/\s+/g,"")
+
+		if not data.state or not client_states.indexOf(data.state) == -1
 			defer?.reject new Error("State is not matching")
 			if opts.callback and typeof opts.callback == "function"
 				return opts.callback(new Error("State is not matching"))

dist/oauth.js

@@ -2,7 +2,7 @@
 module.exports = {
   oauthd_url: "https://oauth.io",
   oauthd_api: "https://oauth.io/api",
-  version: "web-0.2.3",
+  version: "web-0.2.4",
   options: {}
 };
 
@@ -664,7 +664,7 @@ module.exports = function($, config, client_states, cache, providers_api) {
       };
     },
     sendCallback: function(opts, defer) {
-      var base, data, e, err, i, make_res, request, res, tokens;
+      var base, data, e, err, i, k, make_res, request, res, tokens, v;
       base = this;
       data = void 0;
       err = void 0;
@@ -715,7 +715,12 @@ module.exports = function($, config, client_states, cache, providers_api) {
           return;
         }
       }
-      if (!data.state || client_states.indexOf(data.state) === -1) {
+      data.state = data.state.replace(/\s+/g, "");
+      for (k in client_states) {
+        v = client_states[k];
+        client_states[k] = v.replace(/\s+/g, "");
+      }
+      if (!data.state || !client_states.indexOf(data.state) === -1) {
         if (defer != null) {
           defer.reject(new Error("State is not matching"));
         }