From 543fabe27919df81e79a16644fe4eedf9eceb07c Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Fri, 17 Jul 2020 09:05:16 +0200
Subject: [PATCH] Make magic strings of ClientFlowLogin and v2 publicly
 available

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 core/Controller/ClientFlowLoginController.php  | 12 ++++++------
 .../Controller/ClientFlowLoginV2Controller.php | 18 +++++++++---------
 2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index 80cf94a790..12c01cba65 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -78,7 +78,7 @@ class ClientFlowLoginController extends Controller {
 	/** @var EventDispatcherInterface */
 	private $eventDispatcher;
 
-	public const stateName = 'client.flow.state.token';
+	public const STATE_NAME = 'client.flow.state.token';
 
 	/**
 	 * @param string $appName
@@ -135,7 +135,7 @@ class ClientFlowLoginController extends Controller {
 	 * @return bool
 	 */
 	private function isValidToken($stateToken) {
-		$currentToken = $this->session->get(self::stateName);
+		$currentToken = $this->session->get(self::STATE_NAME);
 		if (!is_string($stateToken) || !is_string($currentToken)) {
 			return false;
 		}
@@ -198,7 +198,7 @@ class ClientFlowLoginController extends Controller {
 			64,
 			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
 		);
-		$this->session->set(self::stateName, $stateToken);
+		$this->session->set(self::STATE_NAME, $stateToken);
 
 		$csp = new Http\ContentSecurityPolicy();
 		if ($client) {
@@ -286,11 +286,11 @@ class ClientFlowLoginController extends Controller {
 	public function generateAppPassword($stateToken,
 										$clientIdentifier = '') {
 		if (!$this->isValidToken($stateToken)) {
-			$this->session->remove(self::stateName);
+			$this->session->remove(self::STATE_NAME);
 			return $this->stateTokenForbiddenResponse();
 		}
 
-		$this->session->remove(self::stateName);
+		$this->session->remove(self::STATE_NAME);
 
 		try {
 			$sessionId = $this->session->getId();
@@ -343,7 +343,7 @@ class ClientFlowLoginController extends Controller {
 			$this->accessTokenMapper->insert($accessToken);
 
 			$redirectUri = $client->getRedirectUri();
-			
+
 			if (parse_url($redirectUri, PHP_URL_QUERY)) {
 				$redirectUri .= '&';
 			} else {
diff --git a/core/Controller/ClientFlowLoginV2Controller.php b/core/Controller/ClientFlowLoginV2Controller.php
index d5b50dd413..e364453139 100644
--- a/core/Controller/ClientFlowLoginV2Controller.php
+++ b/core/Controller/ClientFlowLoginV2Controller.php
@@ -44,8 +44,8 @@ use OCP\IURLGenerator;
 use OCP\Security\ISecureRandom;
 
 class ClientFlowLoginV2Controller extends Controller {
-	private const tokenName = 'client.flow.v2.login.token';
-	private const stateName = 'client.flow.v2.state.token';
+	public const TOKEN_NAME = 'client.flow.v2.login.token';
+	public const STATE_NAME = 'client.flow.v2.state.token';
 
 	/** @var LoginFlowV2Service */
 	private $loginFlowV2Service;
@@ -105,7 +105,7 @@ class ClientFlowLoginV2Controller extends Controller {
 			return $this->loginTokenForbiddenResponse();
 		}
 
-		$this->session->set(self::tokenName, $token);
+		$this->session->set(self::TOKEN_NAME, $token);
 
 		return new RedirectResponse(
 			$this->urlGenerator->linkToRouteAbsolute('core.ClientFlowLoginV2.showAuthPickerPage')
@@ -128,7 +128,7 @@ class ClientFlowLoginV2Controller extends Controller {
 			64,
 			ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
 		);
-		$this->session->set(self::stateName, $stateToken);
+		$this->session->set(self::STATE_NAME, $stateToken);
 
 		return new StandaloneTemplateResponse(
 			$this->appName,
@@ -188,11 +188,11 @@ class ClientFlowLoginV2Controller extends Controller {
 			return $this->loginTokenForbiddenResponse();
 		}
 
-		$loginToken = $this->session->get(self::tokenName);
+		$loginToken = $this->session->get(self::TOKEN_NAME);
 
 		// Clear session variables
-		$this->session->remove(self::tokenName);
-		$this->session->remove(self::stateName);
+		$this->session->remove(self::TOKEN_NAME);
+		$this->session->remove(self::STATE_NAME);
 		$sessionId = $this->session->getId();
 
 		$result = $this->loginFlowV2Service->flowDone($loginToken, $sessionId, $this->getServerPath(), $this->userId);
@@ -240,7 +240,7 @@ class ClientFlowLoginV2Controller extends Controller {
 	}
 
 	private function isValidStateToken(string $stateToken): bool {
-		$currentToken = $this->session->get(self::stateName);
+		$currentToken = $this->session->get(self::STATE_NAME);
 		if (!is_string($stateToken) || !is_string($currentToken)) {
 			return false;
 		}
@@ -265,7 +265,7 @@ class ClientFlowLoginV2Controller extends Controller {
 	 * @throws LoginFlowV2NotFoundException
 	 */
 	private function getFlowByLoginToken(): LoginFlowV2 {
-		$currentToken = $this->session->get(self::tokenName);
+		$currentToken = $this->session->get(self::TOKEN_NAME);
 		if (!is_string($currentToken)) {
 			throw new LoginFlowV2NotFoundException('Login token not set in session');
 		}