nextcloud/core/templates/loginflow/authpicker.php

<?php
/**
 * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

script('core', 'login/authpicker');
style('core', 'login/authpicker');

/** @var array $_ */
/** @var \OCP\IURLGenerator $urlGenerator */
$urlGenerator = $_['urlGenerator'];
?>

<div class="picker-window">
	<h2><?php p($l->t('Connect to your account')) ?></h2>
	<p class="info">
		<?php print_unescaped($l->t('Please log in before granting %1$s access to your %2$s account.', [
			'<strong>' . \OCP\Util::sanitizeHTML($_['client']) . '</strong>',
			\OCP\Util::sanitizeHTML($_['instanceName'])
		])) ?>
	</p>

	<p class="info">
		<?php print_unescaped($l->t('If you are not trying to set up a new device or app, someone is trying to trick you into granting them access to your data. In this case do not proceed and instead contact your system administrator.')) ?>
	</p>

	<br/>

	<p id="redirect-link">
		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>">
			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
		</a>
	</p>

	<form action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.apptokenRedirect')); ?>" method="post" id="app-token-login-field" class="hidden">
		<p class="grouptop">
			<input type="text" name="user" id="user" placeholder="<?php p($l->t('Username')) ?>">
			<label for="user" class="infield"><?php p($l->t('Username')) ?></label>
		</p>
		<p class="groupbottom">
			<input type="password" name="password" id="password" placeholder="<?php p($l->t('App token')) ?>">
			<label for="password" class="infield"><?php p($l->t('Password')) ?></label>
		</p>
		<input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />
		<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">
		<input id="submit-app-token-login" type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Grant access')) ?>">
	</form>
</div>

<?php if (empty($_['oauthState'])): ?>
<a id="app-token-login" class="warning" href="#"><?php p($l->t('Alternative log in using app token')) ?></a>
<?php endif; ?>
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`<?php`
			`/**`
			`* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>`
			`*`
			`* @license GNU AGPL version 3 or any later version`
			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as`
			`* published by the Free Software Foundation, either version 3 of the`
			`* License, or (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`

			`script('core', 'login/authpicker');`
			`style('core', 'login/authpicker');`

			`/** @var array $_ */`
			`/** @var \OCP\IURLGenerator $urlGenerator */`
			`$urlGenerator = $_['urlGenerator'];`
			`?>`

			`<div class="picker-window">`
Improve login flow * Add page explaining you are about to grant access * Show grant access page after login Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-06 23:09:20 +03:00			`<h2><?php p($l->t('Connect to your account')) ?></h2>`
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`<p class="info">`
Use numeric placeholders if there are multiple, so that RTL languages can operate better Signed-off-by: Joas Schilling <coding@schilljs.com> 2018-10-09 15:32:14 +03:00			`<?php print_unescaped($l->t('Please log in before granting %1$s access to your %2$s account.', [`
Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-09 10:22:29 +03:00			`'<strong>' . \OCP\Util::sanitizeHTML($_['client']) . '</strong>',`
			`\OCP\Util::sanitizeHTML($_['instanceName'])`
			`])) ?>`
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`</p>`

Add a clear message why you could end up there Signed-off-by: Joas Schilling <coding@schilljs.com> 2020-07-06 14:44:12 +03:00			`<p class="info">`
			`<?php print_unescaped($l->t('If you are not trying to set up a new device or app, someone is trying to trick you into granting them access to your data. In this case do not proceed and instead contact your system administrator.')) ?>`
			`</p>`

Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`<br/>`

			`<p id="redirect-link">`
Change OAuth2 redirect link to relative link fix issue with third-party apps like rocket.chat where browser in external window is opened and thus oauth2 login does not work Signed-off-by: Fabian Helm <firlevapz@gmail.com> 2020-02-25 23:40:19 +03:00			`<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>">`
Improve login flow * Add page explaining you are about to grant access * Show grant access page after login Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-06 23:09:20 +03:00			`<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">`
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`</a>`
			`</p>`

Fix loginflow with apptoken enter on iOS It seems iOS doesn't like us to change the location. So now we submit it to the server that geneartes the redirect. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-01-04 22:30:37 +03:00			`<form action="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.apptokenRedirect')); ?>" method="post" id="app-token-login-field" class="hidden">`
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`<p class="grouptop">`
			`<input type="text" name="user" id="user" placeholder="<?php p($l->t('Username')) ?>">`
			`<label for="user" class="infield"><?php p($l->t('Username')) ?></label>`
			`</p>`
			`<p class="groupbottom">`
			`<input type="password" name="password" id="password" placeholder="<?php p($l->t('App token')) ?>">`
			`<label for="password" class="infield"><?php p($l->t('Password')) ?></label>`
			`</p>`
Fix loginflow with apptoken enter on iOS It seems iOS doesn't like us to change the location. So now we submit it to the server that geneartes the redirect. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-01-04 22:30:37 +03:00			`<input type="hidden" name="stateToken" value="<?php p($_['stateToken']) ?>" />`
			`<input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>">`
Translate Grant Access Fixes #7038 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-11-01 17:50:34 +03:00			`<input id="submit-app-token-login" type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Grant access')) ?>">`
Fix loginflow with apptoken enter on iOS It seems iOS doesn't like us to change the location. So now we submit it to the server that geneartes the redirect. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-01-04 22:30:37 +03:00			`</form>`
Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-04-24 22:11:48 +03:00			`</div>`

Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`<?php if (empty($_['oauthState'])): ?>`
Improve login flow * Add page explaining you are about to grant access * Show grant access page after login Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2018-04-06 23:09:20 +03:00			`<a id="app-token-login" class="warning" href="#"><?php p($l->t('Alternative log in using app token')) ?></a>`
remove 'Alternative login using app token' in case of oauth login Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-12 13:00:24 +03:00			`<?php endif; ?>`