diff options
| author | Richard Steinmetz <richard@steinmetz.cloud> | 2025-06-17 22:39:25 +0200 |
|---|---|---|
| committer | Richard Steinmetz <richard@steinmetz.cloud> | 2025-06-23 11:20:09 +0200 |
| commit | c690c6fbd24eccce0ceb5e5fb400b99251a59667 (patch) | |
| tree | d75ffa42c170ee1f6970bd8ef636f47490119c79 /core | |
| parent | fa15cb8b871181a01a4fb92be91160d38b82e57b (diff) | |
| download | nextcloud-server-fix/two-factor-request-token.tar.gz nextcloud-server-fix/two-factor-request-token.zip | |
fix: update request token on two-factor pagesfix/two-factor-request-token
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/TwoFactorChallengeController.php | 5 | ||||
| -rw-r--r-- | core/src/twofactor-request-token.ts | 25 | ||||
| -rw-r--r-- | core/templates/twofactorselectchallenge.php | 2 | ||||
| -rw-r--r-- | core/templates/twofactorsetupchallenge.php | 2 | ||||
| -rw-r--r-- | core/templates/twofactorsetupselection.php | 2 | ||||
| -rw-r--r-- | core/templates/twofactorshowchallenge.php | 2 |
6 files changed, 34 insertions, 4 deletions
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php index ef0f420fc82..4791139bb12 100644 --- a/core/Controller/TwoFactorChallengeController.php +++ b/core/Controller/TwoFactorChallengeController.php @@ -25,6 +25,7 @@ use OCP\IRequest; use OCP\ISession; use OCP\IURLGenerator; use OCP\IUserSession; +use OCP\Util; use Psr\Log\LoggerInterface; #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] @@ -89,6 +90,7 @@ class TwoFactorChallengeController extends Controller { 'logout_url' => $this->getLogoutUrl(), 'hasSetupProviders' => !empty($setupProviders), ]; + Util::addScript('core', 'twofactor-request-token'); return new StandaloneTemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest'); } @@ -141,6 +143,7 @@ class TwoFactorChallengeController extends Controller { if ($provider instanceof IProvidesCustomCSP) { $response->setContentSecurityPolicy($provider->getCSP()); } + Util::addScript('core', 'twofactor-request-token'); return $response; } @@ -204,6 +207,7 @@ class TwoFactorChallengeController extends Controller { 'redirect_url' => $redirect_url, ]; + Util::addScript('core', 'twofactor-request-token'); return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest'); } @@ -235,6 +239,7 @@ class TwoFactorChallengeController extends Controller { 'template' => $tmpl->fetchPage(), ]; $response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest'); + Util::addScript('core', 'twofactor-request-token'); return $response; } diff --git a/core/src/twofactor-request-token.ts b/core/src/twofactor-request-token.ts new file mode 100644 index 00000000000..868ceec01e9 --- /dev/null +++ b/core/src/twofactor-request-token.ts @@ -0,0 +1,25 @@ +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +import { onRequestTokenUpdate } from '@nextcloud/auth' +import { getBaseUrl } from '@nextcloud/router' + +document.addEventListener('DOMContentLoaded', () => { + onRequestTokenUpdate((token) => { + const cancelLink = window.document.getElementById('cancel-login') + if (!cancelLink) { + return + } + + const href = cancelLink.getAttribute('href') + if (!href) { + return + } + + const parsedHref = new URL(href, getBaseUrl()) + parsedHref.searchParams.set('requesttoken', token) + cancelLink.setAttribute('href', parsedHref.pathname + parsedHref.search) + }) +}) diff --git a/core/templates/twofactorselectchallenge.php b/core/templates/twofactorselectchallenge.php index 8f31db3f154..e979cfd58ab 100644 --- a/core/templates/twofactorselectchallenge.php +++ b/core/templates/twofactorselectchallenge.php @@ -76,7 +76,7 @@ $noProviders = empty($_['providers']); </a> </p> <?php endif; ?> - <p><a class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> + <p><a id="cancel-login" class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> <?php p($l->t('Cancel login')) ?> </a></p> </div> diff --git a/core/templates/twofactorsetupchallenge.php b/core/templates/twofactorsetupchallenge.php index 09a143f1100..c575ca21343 100644 --- a/core/templates/twofactorsetupchallenge.php +++ b/core/templates/twofactorsetupchallenge.php @@ -14,7 +14,7 @@ $template = $_['template']; <div class="body-login-container update"> <h2 class="two-factor-header"><?php p($provider->getDisplayName()); ?></h2> <?php print_unescaped($template); ?> - <p><a class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> + <p><a id="cancel-login" class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> <?php p($l->t('Cancel login')) ?> </a></p> </div> diff --git a/core/templates/twofactorsetupselection.php b/core/templates/twofactorsetupselection.php index 2eeaa49d6af..77139ab0e2a 100644 --- a/core/templates/twofactorsetupselection.php +++ b/core/templates/twofactorsetupselection.php @@ -35,7 +35,7 @@ declare(strict_types=1); </li> <?php endforeach; ?> </ul> - <p><a class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> + <p><a id="cancel-login" class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> <?php p($l->t('Cancel login')) ?> </a></p> </div> diff --git a/core/templates/twofactorshowchallenge.php b/core/templates/twofactorshowchallenge.php index c0286c44c9c..6bc367d4025 100644 --- a/core/templates/twofactorshowchallenge.php +++ b/core/templates/twofactorshowchallenge.php @@ -38,7 +38,7 @@ $template = $_['template']; </a> </p> <?php endif; ?> - <p><a class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> + <p><a id="cancel-login" class="two-factor-secondary" href="<?php print_unescaped($_['logout_url']); ?>"> <?php p($l->t('Cancel login')) ?> </a></p> </div> |