author | Côme Chilliet <come.chilliet@nextcloud.com> | 2024-12-09 16:54:01 +0100 |
---|---|---|
committer | Côme Chilliet <91878298+come-nc@users.noreply.github.com> | 2025-01-07 10:34:30 +0100 |
commit | e7be008dc1ee9ef504448d61606b03897b33b660 (patch) | |
tree | 0dbcbdd0876fde84b7615c3459610d49618fd9a7 | |
parent | 9b366c65d40320d30ffd0d0c7e9a728394520bee (diff) | |
feat(oauth2): Skip page before login as well for authorized applications
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r-- | apps/oauth2/lib/Controller/LoginRedirectorController.php | 33 | ||||
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 2 |
2 files changed, 28 insertions, 7 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 77bb252206a..481e3cdab53 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -8,6 +8,7 @@ declare(strict_types=1);
 */
 namespace OCA\OAuth2\Controller;
+use OC\Core\Controller\ClientFlowLoginController;
 use OCA\OAuth2\Db\ClientMapper;
 use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Controller;
@@ -18,10 +19,12 @@ use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IAppConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OCP\Security\ISecureRandom;
 #[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)]
 class LoginRedirectorController extends Controller {
@@ -40,6 +43,8 @@ class LoginRedirectorController extends Controller {
 private ClientMapper $clientMapper,
 private ISession $session,
 private IL10N $l,
+ private ISecureRandom $random,
+ private IAppConfig $appConfig,
 ) {
 parent::__construct($appName, $request);
 }
@@ -78,12 +83,28 @@ class LoginRedirectorController extends Controller {
 $this->session->set('oauth.state', $state);
- $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
- 'core.ClientFlowLogin.showAuthPickerPage',
- [
- 'clientIdentifier' => $client->getClientIdentifier(),
- ]
- );
+ if (in_array($client->getName(), $this->appConfig->getValueArray('oauth2', 'autoGrantApplications', []))) {
+ /* See ClientFlowLoginController::showAuthPickerPage */
+ $stateToken = $this->random->generate(
+ 64,
+ ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
+ );
+ $this->session->set(ClientFlowLoginController::STATE_NAME, $stateToken);
+ $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+ 'core.ClientFlowLogin.grantPage',
+ [
+ 'stateToken' => $stateToken,
+ 'clientIdentifier' => $client->getClientIdentifier(),
+ ]
+ );
+ } else {
+ $targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+ 'core.ClientFlowLogin.showAuthPickerPage',
+ [
+ 'clientIdentifier' => $client->getClientIdentifier(),
+ ]
+ );
+ }
 return new RedirectResponse($targetUrl);
 }
 }
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 66e049616c0..76f447f2101 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -8,7 +8,6 @@ namespace OC\Core\Controller;
 use OC\Authentication\Events\AppPasswordCreatedEvent;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
-use OC\Authentication\Token\IToken;
 use OCA\OAuth2\Db\AccessToken;
 use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\ClientMapper;
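Review bot: The auto-grant check added in LoginRedirectorController.php (the `@@ -78,12 +83,28 @@` hunk) keys on `$client->getName()`, a display label, and uses a loose `in_array`, so skipping the picker page depends on a non-strict match against a name rather than on the client's identifier. I would pass the strict flag, `if (in_array($client->getName(), $this->appConfig->getValueArray('oauth2', 'autoGrantApplications', []), true)) {`, and either match on `$client->getClientIdentifier()` or add a comment stating that names listed in `autoGrantApplications` must be unique among registered clients, since a second client carrying the same name would presumably inherit the skip. The state-token generation is copied from showAuthPickerPage (per the inline comment), so any validation that page performs before issuing the token is not visible here and should be confirmed to still apply on this path. The enclosing method starts outside the hunk.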
@@ -24,6 +23,7 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Token\IToken;
 use OCP\Defaults;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IAppConfig; |