aboutsummaryrefslogtreecommitdiffstats
path: root/apps/oauth2/lib/Controller/OauthApiController.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/oauth2/lib/Controller/OauthApiController.php')
-rw-r--r--apps/oauth2/lib/Controller/OauthApiController.php55
1 files changed, 23 insertions, 32 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php
index 910fdc99432..badafd3bb77 100644
--- a/apps/oauth2/lib/Controller/OauthApiController.php
+++ b/apps/oauth2/lib/Controller/OauthApiController.php
@@ -42,40 +42,23 @@ use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IRequest;
use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
+use Psr\Log\LoggerInterface;
class OauthApiController extends Controller {
- /** @var AccessTokenMapper */
- private $accessTokenMapper;
- /** @var ClientMapper */
- private $clientMapper;
- /** @var ICrypto */
- private $crypto;
- /** @var TokenProvider */
- private $tokenProvider;
- /** @var ISecureRandom */
- private $secureRandom;
- /** @var ITimeFactory */
- private $time;
- /** @var Throttler */
- private $throttler;
-
- public function __construct(string $appName,
- IRequest $request,
- ICrypto $crypto,
- AccessTokenMapper $accessTokenMapper,
- ClientMapper $clientMapper,
- TokenProvider $tokenProvider,
- ISecureRandom $secureRandom,
- ITimeFactory $time,
- Throttler $throttler) {
+
+ public function __construct(
+ string $appName,
+ IRequest $request,
+ private ICrypto $crypto,
+ private AccessTokenMapper $accessTokenMapper,
+ private ClientMapper $clientMapper,
+ private TokenProvider $tokenProvider,
+ private ISecureRandom $secureRandom,
+ private ITimeFactory $time,
+ private LoggerInterface $logger,
+ private Throttler $throttler
+ ) {
parent::__construct($appName, $request);
- $this->crypto = $crypto;
- $this->accessTokenMapper = $accessTokenMapper;
- $this->clientMapper = $clientMapper;
- $this->tokenProvider = $tokenProvider;
- $this->secureRandom = $secureRandom;
- $this->time = $time;
- $this->throttler = $throttler;
}
/**
@@ -124,8 +107,16 @@ class OauthApiController extends Controller {
$client_secret = $this->request->server['PHP_AUTH_PW'];
}
+ try {
+ $storedClientSecret = $this->crypto->decrypt($client->getSecret());
+ } catch (\Exception $e) {
+ $this->logger->error('OAuth client secret decryption error', ['exception' => $e]);
+ return new JSONResponse([
+ 'error' => 'invalid_client',
+ ], Http::STATUS_BAD_REQUEST);
+ }
// The client id and secret must match. Else we don't provide an access token!
- if ($client->getClientIdentifier() !== $client_id || $client->getSecret() !== $client_secret) {
+ if ($client->getClientIdentifier() !== $client_id || $storedClientSecret !== $client_secret) {
return new JSONResponse([
'error' => 'invalid_client',
], Http::STATUS_BAD_REQUEST);
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-30 03:31:11 +0000