From 61dd1d3d976e811ed504074e3d9fd7d2b149b5b5 Mon Sep 17 00:00:00 2001
From: Julius Härtl <jus@bitgrid.net>
Date: Wed, 3 Nov 2021 10:53:05 +0100
Subject: Pass username prefill through unauthenticated request redirects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 core/Controller/ClientFlowLoginController.php                       | 3 ++-
 core/Controller/ClientFlowLoginV2Controller.php                     | 3 ++-
 core/templates/loginflow/authpicker.php                             | 2 +-
 core/templates/loginflowv2/authpicker.php                           | 2 +-
 lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 4 ++++
 tests/Core/Controller/ClientFlowLoginControllerTest.php             | 2 ++
 6 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 2ba26deb0e7..e067f0ff6b5 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -167,7 +167,7 @@ class ClientFlowLoginController extends Controller {
 	 *
 	 * @return StandaloneTemplateResponse
 	 */
-	public function showAuthPickerPage($clientIdentifier = '') {
+	public function showAuthPickerPage($clientIdentifier = '', $user = '') {
 		$clientName = $this->getClientName();
 		$client = null;
 		if ($clientIdentifier !== '') {
@@ -218,6 +218,7 @@ class ClientFlowLoginController extends Controller {
 				'stateToken' => $stateToken,
 				'serverHost' => $this->getServerPath(),
 				'oauthState' => $this->session->get('oauth.state'),
+				'user' => $user,
 			],
 			'guest'
 		);
diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php
index 205c1ff8a1c..bb15ea3cc5d 100644
--- a/core/Controller/ClientFlowLoginV2Controller.php
+++ b/core/Controller/ClientFlowLoginV2Controller.php
@@ -117,7 +117,7 @@ class ClientFlowLoginV2Controller extends Controller {
 	 * @PublicPage
 	 * @UseSession
 	 */
-	public function showAuthPickerPage(): StandaloneTemplateResponse {
+	public function showAuthPickerPage($user = ''): StandaloneTemplateResponse {
 		try {
 			$flow = $this->getFlowByLoginToken();
 		} catch (LoginFlowV2NotFoundException $e) {
@@ -138,6 +138,7 @@ class ClientFlowLoginV2Controller extends Controller {
 				'instanceName' => $this->defaults->getName(),
 				'urlGenerator' => $this->urlGenerator,
 				'stateToken' => $stateToken,
+				'user' => $user,
 			],
 			'guest'
 		);
diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php
index 02b4b9cc003..128429cb0b3 100644
--- a/core/templates/loginflow/authpicker.php
+++ b/core/templates/loginflow/authpicker.php
@@ -46,7 +46,7 @@ $urlGenerator = $_['urlGenerator'];
 	<br/>
 
 	<p id="redirect-link">
-		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>">
+		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState'], 'user' => $_['user']])) ?>">
 			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
 		</a>
 	</p>
diff --git a/core/templates/loginflowv2/authpicker.php b/core/templates/loginflowv2/authpicker.php
index ce993ea2092..42eb72aee33 100644
--- a/core/templates/loginflowv2/authpicker.php
+++ b/core/templates/loginflowv2/authpicker.php
@@ -45,7 +45,7 @@ $urlGenerator = $_['urlGenerator'];
 	<br/>
 
 	<p id="redirect-link">
-		<a href="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLoginV2.grantPage', ['stateToken' => $_['stateToken']])) ?>">
+		<a href="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLoginV2.grantPage', ['stateToken' => $_['stateToken'], 'user' => $_['user']])) ?>">
 			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
 		</a>
 	</p>
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index d162bb54108..fffeffd4feb 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -260,6 +260,10 @@ class SecurityMiddleware extends Middleware {
 					if (isset($this->request->server['REQUEST_URI'])) {
 						$params['redirect_url'] = $this->request->server['REQUEST_URI'];
 					}
+					$usernamePrefill = $this->request->getParam('user', '');
+					if ($usernamePrefill !== '') {
+						$params['user'] = $usernamePrefill;
+					}
 					$url = $this->urlGenerator->linkToRoute('core.login.showLoginForm', $params);
 					$response = new RedirectResponse($url);
 				} else {
diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php
index 51a17743c93..38204bbcc32 100644
--- a/tests/Core/Controller/ClientFlowLoginControllerTest.php
+++ b/tests/Core/Controller/ClientFlowLoginControllerTest.php
@@ -183,6 +183,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 				'stateToken' => 'StateToken',
 				'serverHost' => 'https://example.com',
 				'oauthState' => 'OauthStateToken',
+				'user' => '',
 			],
 			'guest'
 		);
@@ -246,6 +247,7 @@ class ClientFlowLoginControllerTest extends TestCase {
 				'stateToken' => 'StateToken',
 				'serverHost' => 'https://example.com',
 				'oauthState' => 'OauthStateToken',
+				'user' => '',
 			],
 			'guest'
 		);
-- 
cgit v1.2.3