Fix loginflow with apptoken enter on iOS

author Roeland Jago Douma <roeland@famdouma.nl>

Fri, 4 Jan 2019 19:30:37 +0000 (20:30 +0100)

committer Backportbot <backportbot-noreply@rullzer.com>

Fri, 4 Jan 2019 21:43:36 +0000 (21:43 +0000)
author Roeland Jago Douma <roeland@famdouma.nl>
Fri, 4 Jan 2019 19:30:37 +0000 (20:30 +0100)
committer Backportbot <backportbot-noreply@rullzer.com>
Fri, 4 Jan 2019 21:43:36 +0000 (21:43 +0000)
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php

index 036ea4eaee2c7a81d8286a863693439fe3abf637..96e55848b9c01ed78be212c14d1d49a6f82dc276 100644 (file)
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -355,6 +355,18 @@ class ClientFlowLoginController extends Controller {
                 return new Http\RedirectResponse($redirectUri);
         }
  
+       /**
+        * @PublicPage
+        */
+       public function apptokenRedirect(string $stateToken, string $user, string $password) {
+               if (!$this->isValidToken($stateToken)) {
+                       return $this->stateTokenForbiddenResponse();
+               }
+
+               $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($user) . '&password:' . urlencode($password);
+               return new Http\RedirectResponse($redirectUri);
+       }
+
         private function getServerPath(): string {
                 $serverPostfix = '';
  
diff --git a/core/js/login/authpicker.js b/core/js/login/authpicker.js

index 2d4bcc33158d3151c55bc6ae236501313c987f89..e1e34bbd8d6331d63270975522be8337eeaeaf4c 100644 (file)
--- a/core/js/login/authpicker.js
+++ b/core/js/login/authpicker.js
@@ -5,12 +5,4 @@ jQuery(document).ready(function() {
                 $('#redirect-link').addClass('hidden');
                 $('#app-token-login-field').removeClass('hidden');
         });
-
-       $('#submit-app-token-login').click(function(e) {
-               e.preventDefault();
-               window.location.href = 'nc://login/server:'
-                       + encodeURIComponent($('#serverHost').val())
-                       + "&user:" +  encodeURIComponent($('#user').val())
-                       + "&password:" + encodeURIComponent($('#password').val());
-       });
  });
diff --git a/core/routes.php b/core/routes.php

index 8dedfd1a4c32c21e8fdef85541c6f98a72b3955d..37fb8d4e052c5e3a5a0809f97bd8be33699c6f01 100644 (file)
--- a/core/routes.php
+++ b/core/routes.php
@@ -55,6 +55,7 @@ $application->registerRoutes($this, [
                 ['name' => 'ClientFlowLogin#redirectPage', 'url' => '/login/flow/redirect', 'verb' => 'GET'],
                 ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'],
                 ['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'],
+               ['name' => 'ClientFlowLogin#apptokenRedirect', 'url' => '/login/flow/apptoken', 'verb' => 'POST'],
                 ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'],
                 ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'],
                 ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'],
diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php

index 4e2282a18072b6e25be82c63bbc75d13a04e50b4..41b3223652bf76e4ce83c99f167f3e1296c8b05f 100644 (file)
--- a/core/templates/loginflow/authpicker.php
+++ b/core/templates/loginflow/authpicker.php
@@ -44,7 +44,7 @@ $urlGenerator = $_['urlGenerator'];
                 </a>
         </p>
  
-       <fieldset id="app-token-login-field" class="hidden">
+       <form action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.apptokenRedirect')); ?>" method="post" id="app-token-login-field" class="hidden">
                 <p class="grouptop">
                         <input type="text" name="user" id="user" placeholder="<?php p($l->t('Username')) ?>">
                         <label for="user" class="infield"><?php p($l->t('Username')) ?></label>
@@ -53,9 +53,10 @@ $urlGenerator = $_['urlGenerator'];
                         <input type="password" name="password" id="password" placeholder="<?php p($l->t('App token')) ?>">
                         <label for="password" class="infield"><?php p($l->t('Password')) ?></label>
                 </p>
-               <input type="hidden" id="serverHost" value="<?php p($_['serverHost']) ?>" />
+               <input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />
+               <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
                 <input id="submit-app-token-login" type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Grant access')) ?>">
-       </fieldset>
+       </form>
  </div>
  
  <?php if(empty($_['oauthState'])): ?>
author	Roeland Jago Douma <roeland@famdouma.nl>
	Fri, 4 Jan 2019 19:30:37 +0000 (20:30 +0100)
committer	Backportbot <backportbot-noreply@rullzer.com>
	Fri, 4 Jan 2019 21:43:36 +0000 (21:43 +0000)
core/Controller/ClientFlowLoginController.php		patch \| blob \| history
core/js/login/authpicker.js		patch \| blob \| history
core/routes.php		patch \| blob \| history
core/templates/loginflow/authpicker.php		patch \| blob \| history