Pārlūkot izejas kodu
Use the proper server for the apptoken flow login
If a user can't authenticate normally (because they have 2FA that is not available on their devices for example). The redirect that is generated should be of the proper format. This means 1. Include the protocol 2. Include the possible subfolder Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>tags/v15.0.0beta1
Roeland Jago Douma
pirms 5 gadiem
2 mainītis faili ar 31 papildinājumiem un 23 dzēšanām
+ 23
- 21
core/Controller/ClientFlowLoginController.php
Parādīt failu
| @@ -197,7 +197,7 @@ class ClientFlowLoginController extends Controller { | |||
| 'instanceName' => $this->defaults->getName(), | |||
| 'urlGenerator' => $this->urlGenerator, | |||
| 'stateToken' => $stateToken, | |||
| 'serverHost' => $this->request->getServerHost(), | |||
| 'serverHost' => $this->getServerPath(), | |||
| 'oauthState' => $this->session->get('oauth.state'), | |||
| ], | |||
| 'guest' | |||
| @@ -235,7 +235,7 @@ class ClientFlowLoginController extends Controller { | |||
| 'instanceName' => $this->defaults->getName(), | |||
| 'urlGenerator' => $this->urlGenerator, | |||
| 'stateToken' => $stateToken, | |||
| 'serverHost' => $this->request->getServerHost(), | |||
| 'serverHost' => $this->getServerPath(), | |||
| 'oauthState' => $this->session->get('oauth.state'), | |||
| ], | |||
| 'guest' | |||
| @@ -345,32 +345,34 @@ class ClientFlowLoginController extends Controller { | |||
| ); | |||
| $this->session->remove('oauth.state'); | |||
| } else { | |||
| $serverPostfix = ''; | |||
| $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token); | |||
| if (strpos($this->request->getRequestUri(), '/index.php') !== false) { | |||
| $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php')); | |||
| } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) { | |||
| $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow')); | |||
| } | |||
| // Clear the token from the login here | |||
| $this->tokenProvider->invalidateToken($sessionId); | |||
| } | |||
| $protocol = $this->request->getServerProtocol(); | |||
| return new Http\RedirectResponse($redirectUri); | |||
| } | |||
| if ($protocol !== "https") { | |||
| $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto'); | |||
| $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl'); | |||
| if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') { | |||
| $protocol = 'https'; | |||
| } | |||
| } | |||
| private function getServerPath(): string { | |||
| $serverPostfix = ''; | |||
| if (strpos($this->request->getRequestUri(), '/index.php') !== false) { | |||
| $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php')); | |||
| } else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) { | |||
| $serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow')); | |||
| } | |||
| $serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix; | |||
| $redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token); | |||
| $protocol = $this->request->getServerProtocol(); | |||
| // Clear the token from the login here | |||
| $this->tokenProvider->invalidateToken($sessionId); | |||
| if ($protocol !== "https") { | |||
| $xForwardedProto = $this->request->getHeader('X-Forwarded-Proto'); | |||
| $xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl'); | |||
| if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') { | |||
| $protocol = 'https'; | |||
| } | |||
| } | |||
| return new Http\RedirectResponse($redirectUri); | |||
| return $protocol . "://" . $this->request->getServerHost() . $serverPostfix; | |||
| } | |||
| } | |||
+ 8
- 2
tests/Core/Controller/ClientFlowLoginControllerTest.php
Parādīt failu
| @@ -162,6 +162,9 @@ class ClientFlowLoginControllerTest extends TestCase { | |||
| ->expects($this->once()) | |||
| ->method('getServerHost') | |||
| ->willReturn('example.com'); | |||
| $this->request | |||
| ->method('getServerProtocol') | |||
| ->willReturn('https'); | |||
| $expected = new TemplateResponse( | |||
| 'core', | |||
| @@ -172,7 +175,7 @@ class ClientFlowLoginControllerTest extends TestCase { | |||
| 'instanceName' => 'ExampleCloud', | |||
| 'urlGenerator' => $this->urlGenerator, | |||
| 'stateToken' => 'StateToken', | |||
| 'serverHost' => 'example.com', | |||
| 'serverHost' => 'https://example.com', | |||
| 'oauthState' => 'OauthStateToken', | |||
| ], | |||
| 'guest' | |||
| @@ -218,6 +221,9 @@ class ClientFlowLoginControllerTest extends TestCase { | |||
| ->expects($this->once()) | |||
| ->method('getServerHost') | |||
| ->willReturn('example.com'); | |||
| $this->request | |||
| ->method('getServerProtocol') | |||
| ->willReturn('https'); | |||
| $expected = new TemplateResponse( | |||
| 'core', | |||
| @@ -228,7 +234,7 @@ class ClientFlowLoginControllerTest extends TestCase { | |||
| 'instanceName' => 'ExampleCloud', | |||
| 'urlGenerator' => $this->urlGenerator, | |||
| 'stateToken' => 'StateToken', | |||
| 'serverHost' => 'example.com', | |||
| 'serverHost' => 'https://example.com', | |||
| 'oauthState' => 'OauthStateToken', | |||
| ], | |||
| 'guest' | |||
Notiek ielāde…