Fail gracefull if an unkown oauth2 client tries to authenticate
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
parent
bc35bf14f0
commit
1e6711305a
|
@ -22,8 +22,12 @@
|
||||||
namespace OCA\OAuth2\Controller;
|
namespace OCA\OAuth2\Controller;
|
||||||
|
|
||||||
use OCA\OAuth2\Db\ClientMapper;
|
use OCA\OAuth2\Db\ClientMapper;
|
||||||
|
use OCA\OAuth2\Exceptions\ClientNotFoundException;
|
||||||
use OCP\AppFramework\Controller;
|
use OCP\AppFramework\Controller;
|
||||||
use OCP\AppFramework\Http\RedirectResponse;
|
use OCP\AppFramework\Http\RedirectResponse;
|
||||||
|
use OCP\AppFramework\Http\Response;
|
||||||
|
use OCP\AppFramework\Http\TemplateResponse;
|
||||||
|
use OCP\IL10N;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
use OCP\ISession;
|
use OCP\ISession;
|
||||||
use OCP\IURLGenerator;
|
use OCP\IURLGenerator;
|
||||||
|
@ -35,6 +39,8 @@ class LoginRedirectorController extends Controller {
|
||||||
private $clientMapper;
|
private $clientMapper;
|
||||||
/** @var ISession */
|
/** @var ISession */
|
||||||
private $session;
|
private $session;
|
||||||
|
/** @var IL10N */
|
||||||
|
private $l;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param string $appName
|
* @param string $appName
|
||||||
|
@ -42,16 +48,19 @@ class LoginRedirectorController extends Controller {
|
||||||
* @param IURLGenerator $urlGenerator
|
* @param IURLGenerator $urlGenerator
|
||||||
* @param ClientMapper $clientMapper
|
* @param ClientMapper $clientMapper
|
||||||
* @param ISession $session
|
* @param ISession $session
|
||||||
|
* @param IL10N $l
|
||||||
*/
|
*/
|
||||||
public function __construct($appName,
|
public function __construct($appName,
|
||||||
IRequest $request,
|
IRequest $request,
|
||||||
IURLGenerator $urlGenerator,
|
IURLGenerator $urlGenerator,
|
||||||
ClientMapper $clientMapper,
|
ClientMapper $clientMapper,
|
||||||
ISession $session) {
|
ISession $session,
|
||||||
|
IL10N $l) {
|
||||||
parent::__construct($appName, $request);
|
parent::__construct($appName, $request);
|
||||||
$this->urlGenerator = $urlGenerator;
|
$this->urlGenerator = $urlGenerator;
|
||||||
$this->clientMapper = $clientMapper;
|
$this->clientMapper = $clientMapper;
|
||||||
$this->session = $session;
|
$this->session = $session;
|
||||||
|
$this->l = $l;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -62,12 +71,20 @@ class LoginRedirectorController extends Controller {
|
||||||
* @param string $client_id
|
* @param string $client_id
|
||||||
* @param string $state
|
* @param string $state
|
||||||
* @param string $response_type
|
* @param string $response_type
|
||||||
* @return RedirectResponse
|
* @return Response
|
||||||
*/
|
*/
|
||||||
public function authorize($client_id,
|
public function authorize($client_id,
|
||||||
$state,
|
$state,
|
||||||
$response_type) {
|
$response_type) {
|
||||||
$client = $this->clientMapper->getByIdentifier($client_id);
|
try {
|
||||||
|
$client = $this->clientMapper->getByIdentifier($client_id);
|
||||||
|
} catch (ClientNotFoundException $e) {
|
||||||
|
$response = new TemplateResponse('core', '404', 'guest');
|
||||||
|
$response->setParams([
|
||||||
|
'content' => $this->l->t('Your client is not authorized to connect. Please inform the administrator of your client.'),
|
||||||
|
]);
|
||||||
|
return $response;
|
||||||
|
}
|
||||||
|
|
||||||
if ($response_type !== 'code') {
|
if ($response_type !== 'code') {
|
||||||
//Fail
|
//Fail
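Review bot: In the new catch block of authorize(), `new TemplateResponse('core', '404', 'guest')` passes 'guest' as the third argument, which in OCP's TemplateResponse constructor is, as far as I know, the params array, with renderAs coming fourth. That signature is not visible on this page, so please confirm it. If it holds, build the response as `new TemplateResponse('core', '404', ['content' => $message], 'guest')` with `$message` holding the translated text, and drop the separate setParams() call. The response also keeps its default status unless one is set, so an unknown client_id on the authorize endpoint would be answered as a success; `$response->setStatus(Http::STATUS_NOT_FOUND);` (with `use OCP\AppFramework\Http;`) lets logs and monitoring tell rejected clients apart. The body of authorize() continues past the end of the hunk.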
|
||||||
|
|
|
@ -26,6 +26,7 @@ use OCA\OAuth2\Controller\LoginRedirectorController;
|
||||||
use OCA\OAuth2\Db\Client;
|
use OCA\OAuth2\Db\Client;
|
||||||
use OCA\OAuth2\Db\ClientMapper;
|
use OCA\OAuth2\Db\ClientMapper;
|
||||||
use OCP\AppFramework\Http\RedirectResponse;
|
use OCP\AppFramework\Http\RedirectResponse;
|
||||||
|
use OCP\IL10N;
|
||||||
use OCP\IRequest;
|
use OCP\IRequest;
|
||||||
use OCP\ISession;
|
use OCP\ISession;
|
||||||
use OCP\IURLGenerator;
|
use OCP\IURLGenerator;
|
||||||
|
@ -44,6 +45,8 @@ class LoginRedirectorControllerTest extends TestCase {
|
||||||
private $session;
|
private $session;
|
||||||
/** @var LoginRedirectorController */
|
/** @var LoginRedirectorController */
|
||||||
private $loginRedirectorController;
|
private $loginRedirectorController;
|
||||||
|
/** @var IL10N */
|
||||||
|
private $l;
|
||||||
|
|
||||||
public function setUp() {
|
public function setUp() {
|
||||||
parent::setUp();
|
parent::setUp();
|
||||||
|
@ -52,13 +55,15 @@ class LoginRedirectorControllerTest extends TestCase {
|
||||||
$this->urlGenerator = $this->createMock(IURLGenerator::class);
|
$this->urlGenerator = $this->createMock(IURLGenerator::class);
|
||||||
$this->clientMapper = $this->createMock(ClientMapper::class);
|
$this->clientMapper = $this->createMock(ClientMapper::class);
|
||||||
$this->session = $this->createMock(ISession::class);
|
$this->session = $this->createMock(ISession::class);
|
||||||
|
$this->l = $this->createMock(IL10N::class);
|
||||||
|
|
||||||
$this->loginRedirectorController = new LoginRedirectorController(
|
$this->loginRedirectorController = new LoginRedirectorController(
|
||||||
'oauth2',
|
'oauth2',
|
||||||
$this->request,
|
$this->request,
|
||||||
$this->urlGenerator,
|
$this->urlGenerator,
|
||||||
$this->clientMapper,
|
$this->clientMapper,
|
||||||
$this->session
|
$this->session,
|
||||||
|
$this->l
|
||||||
);
|
);
|
||||||
}
|
}
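Review bot: No test exercises the new ClientNotFoundException branch of authorize(); this section only wires the IL10N mock into setUp(). A case where getByIdentifier() throws should assert that a TemplateResponse comes back and that nothing is written to the session, so a regression that lets an unregistered client continue the flow is caught. The sketch below assumes ClientNotFoundException can be constructed without arguments and that the test file imports it and TemplateResponse. The test class continues outside the hunk.

```php
public function testAuthorizeUnknownClient() {
	$this->clientMapper
		->expects($this->once())
		->method('getByIdentifier')
		->with('UnknownClientId')
		->willThrowException(new ClientNotFoundException());
	// An unregistered client must not leave any state behind in the session.
	$this->session
		->expects($this->never())
		->method('set');

	$response = $this->loginRedirectorController->authorize('UnknownClientId', 'MyState', 'code');

	$this->assertInstanceOf(TemplateResponse::class, $response);
}
```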
|
||||||
|
|
||||||
|
|