author | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2021-12-30 08:14:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-30 08:14:23 +0100 |
commit | bfaeb6ae64b01d591c8122ccb8ba4f7af98652c7 (patch) | |
tree | e424b97303d34c95befc9bc2a8d43bb590cf3b02 /core/Controller | |
parent | bf6388ef2d1b13829ef85dc83d6ccbd5e43759bb (diff) | |
parent | cdda25acb49e50e5989743c0251b394dbbebcaa5 (diff) | |
download | nextcloud-server-bfaeb6ae64b01d591c8122ccb8ba4f7af98652c7.tar.gz nextcloud-server-bfaeb6ae64b01d591c8122ccb8ba4f7af98652c7.zip |
Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken
Diffstat (limited to 'core/Controller')
-rw-r--r-- | core/Controller/ClientFlowLoginV2Controller.php | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php
index 46031356ba5..ab46cb4b729 100644
--- a/core/Controller/ClientFlowLoginV2Controller.php
+++ b/core/Controller/ClientFlowLoginV2Controller.php
@@ -27,6 +27,7 @@ declare(strict_types=1);
 */
 namespace OC\Core\Controller;
+use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Core\Db\LoginFlowV2;
 use OC\Core\Exception\LoginFlowV2NotFoundException;
 use OC\Core\Service\LoginFlowV2Service;
@@ -175,6 +176,48 @@ class ClientFlowLoginV2Controller extends Controller {
 }
 /**
+ * @PublicPage
+ */
+ public function apptokenRedirect(string $stateToken, string $user, string $password) {
+ if (!$this->isValidStateToken($stateToken)) {
+ return $this->stateTokenForbiddenResponse();
+ }
+
+ try {
+ $this->getFlowByLoginToken();
+ } catch (LoginFlowV2NotFoundException $e) {
+ return $this->loginTokenForbiddenResponse();
+ }
+
+ $loginToken = $this->session->get(self::TOKEN_NAME);
+
+ // Clear session variables
+ $this->session->remove(self::TOKEN_NAME);
+ $this->session->remove(self::STATE_NAME);
+
+ try {
+ $token = \OC::$server->get(\OC\Authentication\Token\IProvider::class)->getToken($password);
+ if ($token->getLoginName() !== $user) {
+ throw new InvalidTokenException('login name does not match');
+ }
+ } catch (InvalidTokenException $e) {
+ $response = new StandaloneTemplateResponse(
+ $this->appName,
+ '403',
+ [
+ 'message' => $this->l10n->t('Invalid app password'),
+ ],
+ 'guest'
+ );
+ $response->setStatus(Http::STATUS_FORBIDDEN);
+ return $response;
+ }
+
+ $result = $this->loginFlowV2Service->flowDoneWithAppPassword($loginToken, $this->getServerPath(), $this->userId, $password);
+ return $this->handleFlowDone($result);
+ }
+
+ /**
 * @NoAdminRequired
 * @UseSession
 */
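Review bot: The user id handed to `flowDoneWithAppPassword` near the end of `apptokenRedirect` is `$this->userId`, i.e. whoever holds the current browser session on this `@PublicPage` route, not the owner of the app password that was just verified; for an anonymous caller that is null, and for a browser already logged in as a different account it is the wrong user, while the only identity actually checked here is `$token->getLoginName() !== $user`. The verified `$token` should be the source of the id, e.g. `$result = $this->loginFlowV2Service->flowDoneWithAppPassword($loginToken, $this->getServerPath(), $token->getUID(), $password);` (or the login name, if that is what the service expects — its signature is outside the hunk). Separately, the token provider is pulled from `\OC::$server->get(...)` although every other dependency this method touches (`$this->session`, `$this->l10n`, `$this->loginFlowV2Service`) is constructor-injected; injecting `IProvider` would keep the controller consistent and testable. Since `$password` is a controller parameter carrying a live app password, it is also worth confirming the route is registered POST-only so the secret cannot end up in access logs or referrers, which the hunk does not show.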
@@ -197,7 +240,10 @@ class ClientFlowLoginV2Controller extends Controller {
 $sessionId = $this->session->getId();
 $result = $this->loginFlowV2Service->flowDone($loginToken, $sessionId, $this->getServerPath(), $this->userId);
+ return $this->handleFlowDone($result);
+ }
+ private function handleFlowDone(bool $result): StandaloneTemplateResponse {
 if ($result) {
 return new StandaloneTemplateResponse(
 $this->appName, |
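Review bot: The new `handleFlowDone` is introduced without a docblock, while the neighbouring methods in this controller all carry one, so its contract (what `$result` means and what the two branches render) has to be read off the callers. A one-liner above it would do, e.g. `/** Builds the template response for a finished login flow; $result is the service's success flag (true renders the done page, false the error page). */` — the false branch is outside this hunk, so confirm that description against it. The method that the first two added lines close starts outside the hunk, and `handleFlowDone`'s body continues past it.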