From fe73a0b22af3b29eb60f31ba5cc0b73c1bf7d828 Mon Sep 17 00:00:00 2001
From: leela
Date: Mon, 19 Apr 2021 14:43:44 +0530
Subject: [PATCH 1/2] refactor: removed unused code

---
 frappe/www/login.py | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/frappe/www/login.py b/frappe/www/login.py
index 76b232f8ee..1ce25a81d9 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -95,14 +95,6 @@ def login_via_frappe(code, state):
 def login_via_office365(code, state):
 login_via_oauth2_id_token("office_365", code, state, decoder=decoder_compat)
 
-@frappe.whitelist(allow_guest=True)
-def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=None, generate_login_token=False):
- if not ((data and provider and state) or (email_id and key)):
- frappe.respond_as_web_page(_("Invalid Request"), _("Missing parameters for login"), http_status_code=417)
- return
-
- _login_oauth_user(data, provider, state, email_id, key, generate_login_token)
-
 @frappe.whitelist(allow_guest=True)
 def login_via_token(login_token):
 sid = frappe.cache().get_value("login_token:{0}".format(login_token), expires=True)

From 1c2d69fbe72aae0f4c146096ef4732fed624ecff Mon Sep 17 00:00:00 2001
From: leela
Date: Mon, 19 Apr 2021 14:45:38 +0530
Subject: [PATCH 2/2] fix: remove the token validation check

Let token be part of state to make state dynamic. But there is no need to have validation for token.
---
 frappe/utils/oauth.py | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/frappe/utils/oauth.py b/frappe/utils/oauth.py
index 6596701ee3..6a92737a0d 100644
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@@ -64,8 +64,6 @@ def get_oauth2_authorize_url(provider, redirect_to):
 
 state = { "site": frappe.utils.get_url(), "token": frappe.generate_hash(), "redirect_to": redirect_to }
 
- frappe.cache().set_value("{0}:{1}".format(provider, state["token"]), True, expires_in_sec=120)
-
 # relative to absolute url
 data = {
 "redirect_uri": get_redirect_uri(provider),
@@ -176,11 +174,6 @@ def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=No
 frappe.respond_as_web_page(_("Invalid Request"), _("Token is missing"), http_status_code=417)
 return
 
- token = frappe.cache().get_value("{0}:{1}".format(provider, state["token"]), expires=True)
- if not token:
- frappe.respond_as_web_page(_("Invalid Request"), _("Invalid Token"), http_status_code=417)
- return
-
 user = get_email(data)
 
 if not user:
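Review bot: With the cache lookup gone, the only token handling left in this part of `login_oauth_user` is the "Token is missing" response in the context lines above, so the value in `state["token"]` is never confirmed to have been issued by this server and `state` no longer works as the anti-forgery value RFC 6749 section 10.12 expects. A callback with any well-formed `state` now proceeds to `get_email(data)`, which exposes the flow to login CSRF, and the `site` and `redirect_to` fields travel in the same unverified `state`; their use is outside this hunk, so confirm they are validated before any redirect. I would keep the lookup together with the matching `frappe.cache().set_value(...)` that the hunk at -64 in `get_oauth2_authorize_url` removes, and tighten it by deleting the cache key after the first successful lookup and binding the token to the visitor's session. If the removal is intentional, the commit message should state what replaces the check. `login_oauth_user` starts and ends outside the hunk.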