author | Sergej Nikolaev <kinolaev@gmail.com> | 2019-10-04 19:56:30 +0300 |
---|---|---|
committer | Sergej Nikolaev <kinolaev@gmail.com> | 2019-10-04 21:09:13 +0300 |
commit | 1b5d85a4ca6786f2c63a38716347a0bf26f51bed (patch) | |
tree | a7d19d6a800b8ef0d58fcaa3956efea4157b74fa | |
parent | dcae3e77111c60a28efe43821fc721d0ef221596 (diff) | |
fix oauth client redirect
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 12 | ||||
-rw-r--r-- | tests/Core/Controller/ClientFlowLoginControllerTest.php | 3 |
2 files changed, 12 insertions, 3 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index f049f282ce8..bffedf19224 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -196,7 +196,11 @@ class ClientFlowLoginController extends Controller {
 $this->session->set(self::stateName, $stateToken);
 $csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
 $response = new StandaloneTemplateResponse(
 $this->appName,
@@ -241,7 +245,11 @@ class ClientFlowLoginController extends Controller {
 }
 $csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ if ($client) {
+ $csp->addAllowedFormActionDomain($client->getRedirectUri());
+ } else {
+ $csp->addAllowedFormActionDomain('nc://*');
+ }
 $response = new StandaloneTemplateResponse(
 $this->appName,
diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php
index f35b616a68e..50280e18371 100644
--- a/tests/Core/Controller/ClientFlowLoginControllerTest.php
+++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php
@@ -200,6 +200,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 ->willReturn('Mac OS X Sync Client');
 $client = new Client();
 $client->setName('My external service');
+ $client->setRedirectUri('https://example.com/redirect.php');
 $this->clientMapper
 ->expects($this->once())
 ->method('getByIdentifier')
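Review bot: Both hunks (the one at line 196 and the one at line 241) hand the stored redirect URI unchanged to `addAllowedFormActionDomain()`, which takes a CSP source expression, so a client registered with a redirect URI that carries a query string or fragment would yield a source the browser cannot parse and the form post would be blocked instead of allowed; reducing the value to scheme, host, port and path before adding it avoids that and also bounds what an admin-entered string can put into a response header. The duplicated five-line branch in both places would fit a single private helper, shown below (it assumes `$client` is nullable and that the controller imports the same `Client` entity the test constructs — both declared outside the hunks). `if ($client)` relies on object truthiness; `if ($client !== null)` states the intent if the inline form is kept. The enclosing methods start and end outside both hunks.

```php
$csp = new Http\ContentSecurityPolicy();
$csp->addAllowedFormActionDomain($this->formActionSourceFor($client));
// … unchanged: StandaloneTemplateResponse construction …

/**
 * CSP form-action source for the client's registered redirect target.
 *
 * Only scheme, host, port and path are kept: a query string or fragment is
 * not valid in a CSP source expression and would invalidate the directive.
 * Falls back to 'nc://*' when there is no client or the stored URI does not
 * parse to at least a scheme and host.
 */
private function formActionSourceFor(?Client $client): string
{
    $parts = $client !== null ? parse_url($client->getRedirectUri()) : false;
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return 'nc://*';
    }
    $source = $parts['scheme'] . '://' . $parts['host'];
    if (isset($parts['port'])) {
        $source .= ':' . $parts['port'];
    }
    return $source . ($parts['path'] ?? '');
}
```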
@@ -249,7 +250,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 'guest'
 );
 $csp = new Http\ContentSecurityPolicy();
- $csp->addAllowedFormActionDomain('nc://*');
+ $csp->addAllowedFormActionDomain('https://example.com/redirect.php');
 $expected->setContentSecurityPolicy($csp);
 $this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
 }
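Review bot: Only the client branch of the new condition is pinned by this expectation; unless another test in this file already covers it, the no-client path of `showAuthPickerPage` should still be asserted to allow `nc://*`, since that fallback is what non-OAuth clients now depend on. A second fixture whose redirect URI carries a query string would also be worth adding, because the expected policy value here is derived from the registered URI verbatim. The test method starts outside the hunk.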