author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-05-12 12:44:22 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-05-18 20:49:06 +0200 |
commit | a74d67b69c986f1703567bc5986daed9f82f4571 (patch) | |
tree | 68fba0accd636890b4c2471c1e0dc72eb424b786 | |
parent | 1a8965b488e436099bf6e1bbd025d652e9791fe7 (diff) | |
download | nextcloud-server-a74d67b69c986f1703567bc5986daed9f82f4571.tar.gz nextcloud-server-a74d67b69c986f1703567bc5986daed9f82f4571.zip |
show error page if no valid client identifier is given and if it is not an API request
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r-- | core/Controller/ClientFlowLoginController.php | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 70cf8e8cebc..996ae34b0f2 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -151,18 +151,37 @@ class ClientFlowLoginController extends Controller {
 */
 public function showAuthPickerPage($clientIdentifier = '', $oauthState = '') {
- $stateToken = $this->random->generate(
- 64,
- ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
- );
- $this->session->set(self::stateName, $stateToken);
+ $clientName = $this->getClientName();
+ $client = null;
 if($clientIdentifier !== '') {
 $client = $this->clientMapper->getByIdentifier($clientIdentifier);
 $clientName = $client->getName();
 }
+ $validClient = $client !== null && $client->getClientIdentifier() !== null;
+ $cookieCheckSuccessful = $this->request->passesStrictCookieCheck();
+
+ // no valid clientIdentifier given and no valid API Request (APIRequest header not set)
+ if ($cookieCheckSuccessful === false && $validClient === false) {
+ return new TemplateResponse( $this->appName, 'error', ['errors' => [ ['error' => 'Access Forbidden', 'hint' => 'Invalid request'] ] ] );
+ }
+
+ $stateToken = $this->random->generate( 64, ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS ); $this->session->set(self::stateName, $stateToken);
+ return new TemplateResponse( $this->appName, 'loginflow/authpicker', |