Fail gracefully if an unknown oauth2 client tries to authenticate

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-12-06 15:23:28 +01:00
parent bc35bf14f0
commit 1e6711305a
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 26 additions and 4 deletions


@ -22,8 +22,12 @@
namespace OCA\OAuth2\Controller; namespace OCA\OAuth2\Controller;
use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Db\ClientMapper;
use OCA\OAuth2\Exceptions\ClientNotFoundException;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IL10N;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IURLGenerator; use OCP\IURLGenerator;
@ -35,6 +39,8 @@ class LoginRedirectorController extends Controller {
private $clientMapper; private $clientMapper;
/** @var ISession */ /** @var ISession */
private $session; private $session;
/** @var IL10N */
private $l;
/** /**
* @param string $appName * @param string $appName
@ -42,16 +48,19 @@ class LoginRedirectorController extends Controller {
* @param IURLGenerator $urlGenerator * @param IURLGenerator $urlGenerator
* @param ClientMapper $clientMapper * @param ClientMapper $clientMapper
* @param ISession $session * @param ISession $session
* @param IL10N $l
*/ */
public function __construct($appName, public function __construct($appName,
IRequest $request, IRequest $request,
IURLGenerator $urlGenerator, IURLGenerator $urlGenerator,
ClientMapper $clientMapper, ClientMapper $clientMapper,
ISession $session) { ISession $session,
IL10N $l) {
parent::__construct($appName, $request); parent::__construct($appName, $request);
$this->urlGenerator = $urlGenerator; $this->urlGenerator = $urlGenerator;
$this->clientMapper = $clientMapper; $this->clientMapper = $clientMapper;
$this->session = $session; $this->session = $session;
$this->l = $l;
} }
/** /**
@ -62,12 +71,20 @@ class LoginRedirectorController extends Controller {
* @param string $client_id * @param string $client_id
* @param string $state * @param string $state
* @param string $response_type * @param string $response_type
* @return RedirectResponse * @return Response
*/ */
public function authorize($client_id, public function authorize($client_id,
$state, $state,
$response_type) { $response_type) {
$client = $this->clientMapper->getByIdentifier($client_id); try {
$client = $this->clientMapper->getByIdentifier($client_id);
} catch (ClientNotFoundException $e) {
$response = new TemplateResponse('core', '404', 'guest');
$response->setParams([
'content' => $this->l->t('Your client is not authorized to connect. Please inform the administrator of your client.'),
]);
return $response;
}
if ($response_type !== 'code') { if ($response_type !== 'code') {
//Fail //Fail
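Review bot: The new catch block in authorize() renders the core 404 template but never sets the HTTP status, so an unknown client_id is most likely answered with the TemplateResponse default (200) while the page says "not authorized"; adding `$response->setStatus(Http::STATUS_NOT_FOUND);` (with `use OCP\AppFramework\Http;`) keeps body and status consistent and lets reverse proxies and monitoring see the failure as an error rather than a successful page load. The failed lookup is also not logged, so repeated probing of client identifiers leaves no trace in the server log; if that is wanted, a logger would have to be injected the same way IL10N is in this commit. The error text correctly avoids reflecting $client_id back into the page. The body of authorize() continues past the end of this hunk.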


@ -26,6 +26,7 @@ use OCA\OAuth2\Controller\LoginRedirectorController;
use OCA\OAuth2\Db\Client; use OCA\OAuth2\Db\Client;
use OCA\OAuth2\Db\ClientMapper; use OCA\OAuth2\Db\ClientMapper;
use OCP\AppFramework\Http\RedirectResponse; use OCP\AppFramework\Http\RedirectResponse;
use OCP\IL10N;
use OCP\IRequest; use OCP\IRequest;
use OCP\ISession; use OCP\ISession;
use OCP\IURLGenerator; use OCP\IURLGenerator;
@ -44,6 +45,8 @@ class LoginRedirectorControllerTest extends TestCase {
private $session; private $session;
/** @var LoginRedirectorController */ /** @var LoginRedirectorController */
private $loginRedirectorController; private $loginRedirectorController;
/** @var IL10N */
private $l;
public function setUp() { public function setUp() {
parent::setUp(); parent::setUp();
@ -52,13 +55,15 @@ class LoginRedirectorControllerTest extends TestCase {
$this->urlGenerator = $this->createMock(IURLGenerator::class); $this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->clientMapper = $this->createMock(ClientMapper::class); $this->clientMapper = $this->createMock(ClientMapper::class);
$this->session = $this->createMock(ISession::class); $this->session = $this->createMock(ISession::class);
$this->l = $this->createMock(IL10N::class);
$this->loginRedirectorController = new LoginRedirectorController( $this->loginRedirectorController = new LoginRedirectorController(
'oauth2', 'oauth2',
$this->request, $this->request,
$this->urlGenerator, $this->urlGenerator,
$this->clientMapper, $this->clientMapper,
$this->session $this->session,
$this->l
); );
} }
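Review bot: The test changes only wire the new IL10N mock into setUp(); no test exercises the new ClientNotFoundException branch, and as far as the rendered sections show the 26 added lines are the 20 in the controller plus these six, so the new behaviour is untested. A test that makes `clientMapper->getByIdentifier` throw and asserts the 404 TemplateResponse would pin it down, assuming the exception can be constructed without arguments (its constructor is not visible here); it needs `use OCA\OAuth2\Exceptions\ClientNotFoundException;` and `use OCP\AppFramework\Http\TemplateResponse;` in this file.
```php
public function testAuthorizeUnknownClient() {
    $this->clientMapper->method('getByIdentifier')
        ->with('MyClientId')
        ->willThrowException(new ClientNotFoundException());
    $this->l->method('t')->willReturnArgument(0);

    $result = $this->loginRedirectorController->authorize('MyClientId', 'state', 'code');

    $this->assertInstanceOf(TemplateResponse::class, $result);
    $this->assertSame('404', $result->getTemplateName());
}
```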