diff options
author | Lukas Reschke <lukas@statuscode.ch> | 2017-05-18 15:43:14 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-05-18 20:49:08 +0200 |
commit | b07a0f51bacc65cc55982172301599ec12fdc235 (patch) | |
tree | 8fc4e52e8322930bf128c33c681dbf61fedc3cdf /apps/oauth2/lib | |
parent | 88afd8b22466e4dfab8e136f81440b160ee84acb (diff) | |
download | nextcloud-server-b07a0f51bacc65cc55982172301599ec12fdc235.tar.gz nextcloud-server-b07a0f51bacc65cc55982172301599ec12fdc235.zip |
Add OAuth state to session
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'apps/oauth2/lib')
-rw-r--r-- | apps/oauth2/lib/Controller/LoginRedirectorController.php | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php index 1a2e00ef5dc..9237b4b1b3c 100644 --- a/apps/oauth2/lib/Controller/LoginRedirectorController.php +++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php @@ -25,6 +25,7 @@ use OCA\OAuth2\Db\ClientMapper; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\RedirectResponse; use OCP\IRequest; +use OCP\ISession; use OCP\IURLGenerator; class LoginRedirectorController extends Controller { @@ -32,45 +33,45 @@ class LoginRedirectorController extends Controller { private $urlGenerator; /** @var ClientMapper */ private $clientMapper; + /** @var ISession */ + private $session; /** * @param string $appName * @param IRequest $request * @param IURLGenerator $urlGenerator * @param ClientMapper $clientMapper + * @param ISession $session */ public function __construct($appName, IRequest $request, IURLGenerator $urlGenerator, - ClientMapper $clientMapper) { + ClientMapper $clientMapper, + ISession $session) { parent::__construct($appName, $request); $this->urlGenerator = $urlGenerator; $this->clientMapper = $clientMapper; + $this->session = $session; } /** * @PublicPage * @NoCSRFRequired + * @UseSession * * @param string $client_id - * @param string $redirect_uri * @param string $state * @return RedirectResponse */ public function authorize($client_id, - $redirect_uri, $state) { $client = $this->clientMapper->getByIdentifier($client_id); - - if($client->getRedirectUri() !== $redirect_uri) { - throw new \Exception('Redirect URI does not match'); - } + $this->session->set('oauth.state', $state); $targetUrl = $this->urlGenerator->linkToRouteAbsolute( 'core.ClientFlowLogin.showAuthPickerPage', [ 'clientIdentifier' => $client->getClientIdentifier(), - 'oauthState' => $state, ] ); return new RedirectResponse($targetUrl); |