aboutsummaryrefslogtreecommitdiffstats
path: root/apps/oauth2/lib
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2017-05-18 15:43:14 +0200
committerLukas Reschke <lukas@statuscode.ch>2017-05-18 20:49:08 +0200
commitb07a0f51bacc65cc55982172301599ec12fdc235 (patch)
tree8fc4e52e8322930bf128c33c681dbf61fedc3cdf /apps/oauth2/lib
parent88afd8b22466e4dfab8e136f81440b160ee84acb (diff)
downloadnextcloud-server-b07a0f51bacc65cc55982172301599ec12fdc235.tar.gz
nextcloud-server-b07a0f51bacc65cc55982172301599ec12fdc235.zip
Add OAuth state to session
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Diffstat (limited to 'apps/oauth2/lib')
-rw-r--r--apps/oauth2/lib/Controller/LoginRedirectorController.php17
1 files changed, 9 insertions, 8 deletions
diff --git a/apps/oauth2/lib/Controller/LoginRedirectorController.php b/apps/oauth2/lib/Controller/LoginRedirectorController.php
index 1a2e00ef5dc..9237b4b1b3c 100644
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@@ -25,6 +25,7 @@ use OCA\OAuth2\Db\ClientMapper;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\IRequest;
+use OCP\ISession;
use OCP\IURLGenerator;
class LoginRedirectorController extends Controller {
@@ -32,45 +33,45 @@ class LoginRedirectorController extends Controller {
private $urlGenerator;
/** @var ClientMapper */
private $clientMapper;
+ /** @var ISession */
+ private $session;
/**
* @param string $appName
* @param IRequest $request
* @param IURLGenerator $urlGenerator
* @param ClientMapper $clientMapper
+ * @param ISession $session
*/
public function __construct($appName,
IRequest $request,
IURLGenerator $urlGenerator,
- ClientMapper $clientMapper) {
+ ClientMapper $clientMapper,
+ ISession $session) {
parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator;
$this->clientMapper = $clientMapper;
+ $this->session = $session;
}
/**
* @PublicPage
* @NoCSRFRequired
+ * @UseSession
*
* @param string $client_id
- * @param string $redirect_uri
* @param string $state
* @return RedirectResponse
*/
public function authorize($client_id,
- $redirect_uri,
$state) {
$client = $this->clientMapper->getByIdentifier($client_id);
-
- if($client->getRedirectUri() !== $redirect_uri) {
- throw new \Exception('Redirect URI does not match');
- }
+ $this->session->set('oauth.state', $state);
$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
'core.ClientFlowLogin.showAuthPickerPage',
[
'clientIdentifier' => $client->getClientIdentifier(),
- 'oauthState' => $state,
]
);
return new RedirectResponse($targetUrl);