Use the proper server for the apptoken flow login 12177/head
authorRoeland Jago Douma <roeland@famdouma.nl>
Wed, 31 Oct 2018 22:06:08 +0000 (23:06 +0100)
committerRoeland Jago Douma <roeland@famdouma.nl>
Thu, 1 Nov 2018 10:45:35 +0000 (11:45 +0100)
If a user can't authenticate normally (for example because they have 2FA enabled but the second factor is not available on the device they are logging in from), the redirect that is generated must be in the proper format.

This means

1. Include the protocol
2. Include the possible subfolder

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
core/Controller/ClientFlowLoginController.php
tests/Core/Controller/ClientFlowLoginControllerTest.php

index 088a6a9869967016215272bb1ffa355937895be8..2e8216c2ba52abbba830d66e4ca559ff43e7600d 100644 (file)
@@ -197,7 +197,7 @@ class ClientFlowLoginController extends Controller {
                                'instanceName' => $this->defaults->getName(),
                                'urlGenerator' => $this->urlGenerator,
                                'stateToken' => $stateToken,
-                               'serverHost' => $this->request->getServerHost(),
+                               'serverHost' => $this->getServerPath(),
                                'oauthState' => $this->session->get('oauth.state'),
                        ],
                        'guest'
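Review bot: The `serverHost` template key now receives a full origin with scheme and any subfolder (the updated test expects `https://example.com`), so the name no longer describes its contents, and if the guest template or its script prepends a scheme or path to this value it will now be doubled; the template is not part of this diff, so that needs checking. Either rename the key to something like `serverUrl` with the template updated in the same change, or at least annotate the line, e.g. `// full origin incl. scheme and subfolder, not only the host`. The enclosing method starts and ends outside this hunk.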
@@ -235,7 +235,7 @@ class ClientFlowLoginController extends Controller {
                                'instanceName' => $this->defaults->getName(),
                                'urlGenerator' => $this->urlGenerator,
                                'stateToken' => $stateToken,
-                               'serverHost' => $this->request->getServerHost(),
+                               'serverHost' => $this->getServerPath(),
                                'oauthState' => $this->session->get('oauth.state'),
                        ],
                        'guest'
@@ -345,32 +345,34 @@ class ClientFlowLoginController extends Controller {
                        );
                        $this->session->remove('oauth.state');
                } else {
-                       $serverPostfix = '';
+                       $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
 
-                       if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
-                               $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
-                       } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
-                               $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
-                       }
+                       // Clear the token from the login here
+                       $this->tokenProvider->invalidateToken($sessionId);
+               }
 
-                       $protocol = $this->request->getServerProtocol();
+               return new Http\RedirectResponse($redirectUri);
+       }
 
-                       if ($protocol !== "https") {
-                               $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
-                               $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
-                               if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
-                                       $protocol = 'https';
-                               }
-                       }
+       private function getServerPath(): string {
+               $serverPostfix = '';
 
+               if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
+                       $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
+               } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
+                       $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
+               }
 
-                       $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
-                       $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
+               $protocol = $this->request->getServerProtocol();
 
-                       // Clear the token from the login here
-                       $this->tokenProvider->invalidateToken($sessionId);
+               if ($protocol !== "https") {
+                       $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
+                       $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
+                       if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
+                               $protocol = 'https';
+                       }
                }
 
-               return new Http\RedirectResponse($redirectUri);
+               return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
        }
 }
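Review bot: `getServerPath()` reads `X-Forwarded-Proto` and `X-Forwarded-Ssl` straight from the request with no check that the request arrived through a trusted proxy, so any client can force the `https://` scheme into the value rendered in the template and into the `nc://login/server:` redirect on a plain-http deployment. Whether `getServerProtocol()` already applies the instance's proxy or overwrite configuration is not visible here; if it does, this fallback bypasses it, and if it does not, the fallback should at least be gated on the same trusted-proxy notion the request object uses. The practical impact appears limited to upgrading the scheme, but the intent should be stated, e.g. `// Fallback for reverse proxies not configured via overwriteprotocol; these headers are client-supplied and only ever upgrade to https`. The new private method also has no docblock; one describing that it returns `scheme://host[/subfolder]` derived from the request URI up to `/index.php` or `/login/flow`, and an empty subfolder otherwise, would help the next reader.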
index 7fe87df026f8f52b014e62be1b7a0b1ebd64f93c..b54897ddc4485e09ad2fc18002cf1c5dac1fb923 100644 (file)
@@ -162,6 +162,9 @@ class ClientFlowLoginControllerTest extends TestCase {
                        ->expects($this->once())
                        ->method('getServerHost')
                        ->willReturn('example.com');
+               $this->request
+                       ->method('getServerProtocol')
+                       ->willReturn('https');
 
                $expected = new TemplateResponse(
                        'core',
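Review bot: The stub added here returns `https` from `getServerProtocol`, so the `X-Forwarded-Proto`/`X-Forwarded-Ssl` fallback and the subfolder extraction from `getRequestUri()` in `getServerPath()` are not exercised by this test; no `getRequestUri` stub is visible in this hunk either, so the subfolder branch presumably runs with whatever the mock returns by default. A second case with `getServerProtocol` returning `http`, `getHeader('X-Forwarded-Proto')` returning `https` and `getRequestUri` returning `/nextcloud/index.php/login/flow`, expecting `https://example.com/nextcloud`, would pin both behaviours that the commit description calls out. The test method starts outside this hunk.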
@@ -172,7 +175,7 @@ class ClientFlowLoginControllerTest extends TestCase {
                                'instanceName' => 'ExampleCloud',
                                'urlGenerator' => $this->urlGenerator,
                                'stateToken' => 'StateToken',
-                               'serverHost' => 'example.com',
+                               'serverHost' => 'https://example.com',
                                'oauthState' => 'OauthStateToken',
                        ],
                        'guest'
@@ -218,6 +221,9 @@ class ClientFlowLoginControllerTest extends TestCase {
                        ->expects($this->once())
                        ->method('getServerHost')
                        ->willReturn('example.com');
+               $this->request
+                       ->method('getServerProtocol')
+                       ->willReturn('https');
 
                $expected = new TemplateResponse(
                        'core',
@@ -228,7 +234,7 @@ class ClientFlowLoginControllerTest extends TestCase {
                                'instanceName' => 'ExampleCloud',
                                'urlGenerator' => $this->urlGenerator,
                                'stateToken' => 'StateToken',
-                               'serverHost' => 'example.com',
+                               'serverHost' => 'https://example.com',
                                'oauthState' => 'OauthStateToken',
                        ],
                        'guest'