authorRoeland Jago Douma <roeland@famdouma.nl>2018-12-06 15:23:28 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2018-12-06 21:14:34 +0100
commit1e6711305a9cca956a76f7a0097721a409a2b845 (patch)
treec257a6368b0b87edb719b5cce422f8e4fdd19b14
parentbc35bf14f08f6b91065377d4741762ccfba63814 (diff)
Fail gracefully if an unknown oauth2 client tries to authenticate
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rw-r--r--apps/oauth2/lib/Controller/LoginRedirectorController.php23
-rw-r--r--apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php7
2 files changed, 26 insertions, 4 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 8e6d6d55e2d..8e8cff1b1a5 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -22,8 +22,12 @@
namespace OCA\OAuth2\Controller;
use OCA\OAuth2\Db\ClientMapper;
+use OCA\OAuth2\Exceptions\ClientNotFoundException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
+use OCP\AppFramework\Http\Response;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IL10N;
use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
@@ -35,6 +39,8 @@ class LoginRedirectorController extends Controller {
private $clientMapper;
/** @var ISession */
private $session;
+ /** @var IL10N */
+ private $l;
/**
* @param string $appName
@@ -42,16 +48,19 @@ class LoginRedirectorController extends Controller {
* @param IURLGenerator $urlGenerator
* @param ClientMapper $clientMapper
* @param ISession $session
+ * @param IL10N $l
*/
public function __construct($appName,
IRequest $request,
IURLGenerator $urlGenerator,
ClientMapper $clientMapper,
- ISession $session) {
+ ISession $session,
+ IL10N $l) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
$this->clientMapper = $clientMapper;
$this->session = $session;
+ $this->l = $l;
}
/**
@@ -62,12 +71,20 @@ class LoginRedirectorController extends Controller {
* @param string $client_id
* @param string $state
* @param string $response_type
- * @return RedirectResponse
+ * @return Response
*/
public function authorize($client_id,
$state,
$response_type) {
- $client = $this->clientMapper->getByIdentifier($client_id);
+ try {
+ $client = $this->clientMapper->getByIdentifier($client_id);
+ } catch (ClientNotFoundException $e) {
+ $response = new TemplateResponse('core', '404', 'guest');
+ $response->setParams([
+ 'content' => $this->l->t('Your client is not authorized to connect. Please inform the administrator of your client.'),
+ ]);
+ return $response;
+ }
if ($response_type !== 'code') {
//Fail
diff --git a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
index 584e3ebed54..75096eefddd 100644
--- a/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
+++ b/apps/oauth2/tests/Controller/LoginRedirectorControllerTest.php
@@ -26,6 +26,7 @@ use OCA\OAuth2\Controller\LoginRedirectorController;
use OCA\OAuth2\Db\Client;
use OCA\OAuth2\Db\ClientMapper;
use OCP\AppFramework\Http\RedirectResponse;
+use OCP\IL10N;
use OCP\IRequest;
use OCP\ISession;
use OCP\IURLGenerator;
@@ -44,6 +45,8 @@ class LoginRedirectorControllerTest extends TestCase {
private $session;
/** @var LoginRedirectorController */
private $loginRedirectorController;
+ /** @var IL10N */
+ private $l;
public function setUp() {
parent::setUp();
@@ -52,13 +55,15 @@ class LoginRedirectorControllerTest extends TestCase {
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->clientMapper = $this->createMock(ClientMapper::class);
$this->session = $this->createMock(ISession::class);
+ $this->l = $this->createMock(IL10N::class);
$this->loginRedirectorController = new LoginRedirectorController(
'oauth2',
$this->request,
$this->urlGenerator,
$this->clientMapper,
- $this->session
+ $this->session,
+ $this->l
);
}
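Review bot: No test exercises the new `ClientNotFoundException` branch in `LoginRedirectorController::authorize`; this hunk only wires the `IL10N` mock into `setUp`, so the controller change ships uncovered. Add a test that has the `clientMapper` mock throw `ClientNotFoundException` from `getByIdentifier` and asserts the result is a `TemplateResponse` rather than a `RedirectResponse`, which catches a regression to an uncaught exception. The sketch below assumes the exception's constructor takes no required arguments and needs `use` lines for `ClientNotFoundException` and `TemplateResponse` at the top of the test file; if the message text is asserted, stub `$this->l->method('t')->willReturnArgument(0)` as well. `setUp` ends at L118 and the remaining test methods lie outside the hunk.
```php
public function testAuthorizeUnknownClient() {
    $this->clientMapper->expects($this->once())
        ->method('getByIdentifier')
        ->with('MyClientId')
        ->willThrowException(new ClientNotFoundException());
    $result = $this->loginRedirectorController->authorize('MyClientId', 'MyState', 'code');
    $this->assertInstanceOf(TemplateResponse::class, $result);
}
```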