From: Vincent Petry <vincent@nextcloud.com>
Date: Tue, 25 Jan 2022 16:47:58 +0000 (+0100)
Subject: Add direct arg to login flow
X-Git-Tag: v24.0.0beta2~14^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=80388663afa718a884e63de653e0cba545c7403f;p=nextcloud-server.git

Add direct arg to login flow

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
---

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index e067f0ff6b5..ad8bc8eb086 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -162,12 +162,8 @@ class ClientFlowLoginController extends Controller {
 	 * @PublicPage
 	 * @NoCSRFRequired
 	 * @UseSession
-	 *
-	 * @param string $clientIdentifier
-	 *
-	 * @return StandaloneTemplateResponse
 	 */
-	public function showAuthPickerPage($clientIdentifier = '', $user = '') {
+	public function showAuthPickerPage(string $clientIdentifier = '', string $user = '', int $direct = 0): StandaloneTemplateResponse {
 		$clientName = $this->getClientName();
 		$client = null;
 		if ($clientIdentifier !== '') {
@@ -219,6 +215,7 @@ class ClientFlowLoginController extends Controller {
 				'serverHost' => $this->getServerPath(),
 				'oauthState' => $this->session->get('oauth.state'),
 				'user' => $user,
+				'direct' => $direct,
 			],
 			'guest'
 		);
@@ -232,13 +229,10 @@ class ClientFlowLoginController extends Controller {
 	 * @NoCSRFRequired
 	 * @NoSameSiteCookieRequired
 	 * @UseSession
-	 *
-	 * @param string $stateToken
-	 * @param string $clientIdentifier
-	 * @return StandaloneTemplateResponse
 	 */
-	public function grantPage($stateToken = '',
-								 $clientIdentifier = '') {
+	public function grantPage(string $stateToken = '',
+				  string $clientIdentifier = '',
+				  int $direct = 0): StandaloneTemplateResponse {
 		if (!$this->isValidToken($stateToken)) {
 			return $this->stateTokenForbiddenResponse();
 		}
@@ -268,6 +262,7 @@ class ClientFlowLoginController extends Controller {
 				'stateToken' => $stateToken,
 				'serverHost' => $this->getServerPath(),
 				'oauthState' => $this->session->get('oauth.state'),
+				'direct' => $direct,
 			],
 			'guest'
 		);
diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php
index d8ef2998d13..a7d4faa67bf 100644
--- a/core/templates/loginflow/authpicker.php
+++ b/core/templates/loginflow/authpicker.php
@@ -46,7 +46,7 @@ $urlGenerator = $_['urlGenerator'];
 	<br/>
 
 	<p id="redirect-link">
-		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState'], 'user' => $_['user']])) ?>">
+		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState'], 'user' => $_['user'], 'direct' => $_['direct']])) ?>">
 			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
 		</a>
 	</p>
@@ -62,6 +62,9 @@ $urlGenerator = $_['urlGenerator'];
 		</p>
 		<input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />
 		<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
+		<?php if ($_['direct'] !== 0) { ?>
+			<input type="hidden" name="direct" value="<?php p($_['direct']) ?>">
+		<?php } ?>
 		<input id="submit-app-token-login" type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Grant access')) ?>">
 	</form>
 
diff --git a/core/templates/loginflow/grant.php b/core/templates/loginflow/grant.php
index 0f1b9235a89..c537c47ea64 100644
--- a/core/templates/loginflow/grant.php
+++ b/core/templates/loginflow/grant.php
@@ -39,14 +39,17 @@ $urlGenerator = $_['urlGenerator'];
 	<br/>
 
 	<p id="redirect-link">
-		<form method="POST" action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.generateAppPassword')) ?>">	
-			<input type="hidden" name="clientIdentifier" value="<?php p($_['clientIdentifier']) ?>" />	
-			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />	
-			<input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />	
-			<input type="hidden" name="oauthState" value="<?php p($_['oauthState']) ?>" />	
+		<form method="POST" action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.generateAppPassword')) ?>">
+			<input type="hidden" name="clientIdentifier" value="<?php p($_['clientIdentifier']) ?>" />
+			<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
+			<input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />
+			<input type="hidden" name="oauthState" value="<?php p($_['oauthState']) ?>" />
+			<?php if (p($_['direct'])) { ?>
+			<input type="hidden" name="direct" value="1" />
+			<?php } ?>
 			<div id="submit-wrapper">
 				<input type="submit" class="login primary icon-confirm-white" title="" value="<?php p($l->t('Grant access')); ?>" />
-			</div>	
+			</div>
 		</form>
 	</p>
 </div>
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index fffeffd4feb..e0f36231b68 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -264,6 +264,9 @@ class SecurityMiddleware extends Middleware {
 					if ($usernamePrefill !== '') {
 						$params['user'] = $usernamePrefill;
 					}
+					if ($this->request->getParam('direct')) {
+						$params['direct'] = 1;
+					}
 					$url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
 					$response = new RedirectResponse($url);
 				} else {
diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php
index 38204bbcc32..dae42474f41 100644
--- a/tests/Core/Controller/ClientFlowLoginControllerTest.php
+++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php
@@ -184,6 +184,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 				'serverHost' => 'https://example.com',
 				'oauthState' => 'OauthStateToken',
 				'user' => '',
+				'direct' => 0
 			],
 			'guest'
 		);
@@ -248,6 +249,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 				'serverHost' => 'https://example.com',
 				'oauthState' => 'OauthStateToken',
 				'user' => '',
+				'direct' => 0
 			],
 			'guest'
 		);