From: Joas Schilling
Date: Fri, 17 Jul 2020 07:05:16 +0000 (+0200)
Subject: Make magic strings of ClientFlowLogin and v2 publicly available
X-Git-Tag: v20.0.0beta1~219^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=543fabe27919df81e79a16644fe4eedf9eceb07c;p=nextcloud-server.git
Make magic strings of ClientFlowLogin and v2 publicly available
Signed-off-by: Joas Schilling
---
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 80cf94a7900..12c01cba651 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -78,7 +78,7 @@ class ClientFlowLoginController extends Controller {
 /** @var EventDispatcherInterface */ private $eventDispatcher;
- public const stateName = 'client.flow.state.token';
+ public const STATE_NAME = 'client.flow.state.token';
 /** * @param string $appName
@@ -135,7 +135,7 @@ class ClientFlowLoginController extends Controller {
 * @return bool */ private function isValidToken($stateToken) {
- $currentToken = $this->session->get(self::stateName);
+ $currentToken = $this->session->get(self::STATE_NAME);
 if (!is_string($stateToken) || !is_string($currentToken)) { return false; }
@@ -198,7 +198,7 @@ class ClientFlowLoginController extends Controller {
 64, ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS );
- $this->session->set(self::stateName, $stateToken);
+ $this->session->set(self::STATE_NAME, $stateToken);
 $csp = new Http\ContentSecurityPolicy(); if ($client) {
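Review bot: Renaming the already-public `stateName` constant to `STATE_NAME` in the first hunk removes the old name outright, so any code outside this file that still reads `ClientFlowLoginController::stateName` will fail on an undefined class constant. Whether such callers exist cannot be seen from this diff. Because the constant names the session entry that holds the login-flow state token, a consumer breaking at runtime is worth avoiding; keeping a deprecated alias for a release would do it: `/** @deprecated use STATE_NAME */ public const stateName = self::STATE_NAME;`. The class body starts and continues outside the hunk.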
@@ -286,11 +286,11 @@ class ClientFlowLoginController extends Controller {
 public function generateAppPassword($stateToken, $clientIdentifier = '') { if (!$this->isValidToken($stateToken)) {
- $this->session->remove(self::stateName);
+ $this->session->remove(self::STATE_NAME);
 return $this->stateTokenForbiddenResponse(); }
- $this->session->remove(self::stateName);
+ $this->session->remove(self::STATE_NAME);
 try { $sessionId = $this->session->getId();
@@ -343,7 +343,7 @@ class ClientFlowLoginController extends Controller {
 $this->accessTokenMapper->insert($accessToken); $redirectUri = $client->getRedirectUri();
-
+
 if (parse_url($redirectUri, PHP_URL_QUERY)) { $redirectUri .= '&'; } else {
diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php
index d5b50dd413c..e3644531393 100644
--- a/core/Controller/ClientFlowLoginV2Controller.php
+++ b/core/Controller/ClientFlowLoginV2Controller.php
@@ -44,8 +44,8 @@ use OCP\IURLGenerator;
 use OCP\Security\ISecureRandom; class ClientFlowLoginV2Controller extends Controller {
- private const tokenName = 'client.flow.v2.login.token';
- private const stateName = 'client.flow.v2.state.token';
+ public const TOKEN_NAME = 'client.flow.v2.login.token';
+ public const STATE_NAME = 'client.flow.v2.state.token';
 /** @var LoginFlowV2Service */ private $loginFlowV2Service;
@@ -105,7 +105,7 @@ class ClientFlowLoginV2Controller extends Controller {
 return $this->loginTokenForbiddenResponse(); }
- $this->session->set(self::tokenName, $token);
+ $this->session->set(self::TOKEN_NAME, $token);
 return new RedirectResponse( $this->urlGenerator->linkToRouteAbsolute('core.ClientFlowLoginV2.showAuthPickerPage')
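Review bot: The state token in generateAppPassword is cleared by two separate `remove(self::STATE_NAME)` calls, one inside the rejection branch and one right after it, so its single-use property depends on every future early return repeating the call. Evaluating the check first and clearing once makes that structural: `$validToken = $this->isValidToken($stateToken);`, `$this->session->remove(self::STATE_NAME);`, `if (!$validToken) {`. The rest of generateAppPassword lies outside the hunk.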
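Review bot: `TOKEN_NAME` and `STATE_NAME` in ClientFlowLoginV2Controller go from `private` to `public` with no docblock, so nothing on the declaration tells a reader what they are or what outside code may do with them. Elsewhere in this diff they are used as the session keys for the v2 login token and the state token, and a public constant reads as an invitation to touch those entries from other classes. Each should carry a short docblock such as `/** Session key under which the v2 login token is stored. */` and `/** Session key under which the v2 state token is stored. */`, plus a sentence on whether code outside the controller is expected only to read these entries or also to set and clear them. The class body continues outside the hunk.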
@@ -128,7 +128,7 @@ class ClientFlowLoginV2Controller extends Controller {
 64, ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS );
- $this->session->set(self::stateName, $stateToken);
+ $this->session->set(self::STATE_NAME, $stateToken);
 return new StandaloneTemplateResponse( $this->appName,
@@ -188,11 +188,11 @@ class ClientFlowLoginV2Controller extends Controller {
 return $this->loginTokenForbiddenResponse(); }
- $loginToken = $this->session->get(self::tokenName);
+ $loginToken = $this->session->get(self::TOKEN_NAME);
 // Clear session variables
- $this->session->remove(self::tokenName);
- $this->session->remove(self::stateName);
+ $this->session->remove(self::TOKEN_NAME);
+ $this->session->remove(self::STATE_NAME);
 $sessionId = $this->session->getId(); $result = $this->loginFlowV2Service->flowDone($loginToken, $sessionId, $this->getServerPath(), $this->userId);
@@ -240,7 +240,7 @@ class ClientFlowLoginV2Controller extends Controller {
 } private function isValidStateToken(string $stateToken): bool {
- $currentToken = $this->session->get(self::stateName);
+ $currentToken = $this->session->get(self::STATE_NAME);
 if (!is_string($stateToken) || !is_string($currentToken)) { return false; }
@@ -265,7 +265,7 @@ class ClientFlowLoginV2Controller extends Controller {
 * @throws LoginFlowV2NotFoundException */ private function getFlowByLoginToken(): LoginFlowV2 {
- $currentToken = $this->session->get(self::tokenName);
+ $currentToken = $this->session->get(self::TOKEN_NAME);
 if (!is_string($currentToken)) { throw new LoginFlowV2NotFoundException('Login token not set in session'); }