Merge pull request #21889 from nextcloud/techdebt/noid/make-magic-strings-publicly-available

Make magic strings of ClientFlowLogin and v2 publicly available
Joas Schilling 2020-07-17 13:12:06 +02:00 committed by GitHub
commit 5cd404a504
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 15 deletions


@ -78,7 +78,7 @@ class ClientFlowLoginController extends Controller {
/** @var EventDispatcherInterface */
private $eventDispatcher;
public const stateName = 'client.flow.state.token';
public const STATE_NAME = 'client.flow.state.token';
/**
* @param string $appName
@ -135,7 +135,7 @@ class ClientFlowLoginController extends Controller {
* @return bool
*/
private function isValidToken($stateToken) {
$currentToken = $this->session->get(self::stateName);
$currentToken = $this->session->get(self::STATE_NAME);
if (!is_string($stateToken) || !is_string($currentToken)) {
return false;
}
@ -198,7 +198,7 @@ class ClientFlowLoginController extends Controller {
64,
ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
);
$this->session->set(self::stateName, $stateToken);
$this->session->set(self::STATE_NAME, $stateToken);
$csp = new Http\ContentSecurityPolicy();
if ($client) {
@ -286,11 +286,11 @@ class ClientFlowLoginController extends Controller {
public function generateAppPassword($stateToken,
$clientIdentifier = '') {
if (!$this->isValidToken($stateToken)) {
$this->session->remove(self::stateName);
$this->session->remove(self::STATE_NAME);
return $this->stateTokenForbiddenResponse();
}
$this->session->remove(self::stateName);
$this->session->remove(self::STATE_NAME);
try {
$sessionId = $this->session->getId();
@ -343,7 +343,7 @@ class ClientFlowLoginController extends Controller {
$this->accessTokenMapper->insert($accessToken);
$redirectUri = $client->getRedirectUri();
if (parse_url($redirectUri, PHP_URL_QUERY)) {
$redirectUri .= '&';
} else {
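Review bot: Renaming the already-public constant `stateName` to `STATE_NAME` in the first hunk drops the old name, so any code outside this class that referenced `ClientFlowLoginController::stateName` would stop resolving. No such caller is visible on this page, so this needs confirming against the rest of the tree and third-party apps. If compatibility matters, keep a deprecated alias next to the new constant, `/** @deprecated use STATE_NAME */ public const stateName = self::STATE_NAME;`. The constant also has no docblock although it is now meant for outside use; a one-liner such as `/** Session key under which the login flow state token is stored. */` would tell callers what the key refers to.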


@ -44,8 +44,8 @@ use OCP\IURLGenerator;
use OCP\Security\ISecureRandom;
class ClientFlowLoginV2Controller extends Controller {
private const tokenName = 'client.flow.v2.login.token';
private const stateName = 'client.flow.v2.state.token';
public const TOKEN_NAME = 'client.flow.v2.login.token';
public const STATE_NAME = 'client.flow.v2.state.token';
/** @var LoginFlowV2Service */
private $loginFlowV2Service;
@ -105,7 +105,7 @@ class ClientFlowLoginV2Controller extends Controller {
return $this->loginTokenForbiddenResponse();
}
$this->session->set(self::tokenName, $token);
$this->session->set(self::TOKEN_NAME, $token);
return new RedirectResponse(
$this->urlGenerator->linkToRouteAbsolute('core.ClientFlowLoginV2.showAuthPickerPage')
@ -128,7 +128,7 @@ class ClientFlowLoginV2Controller extends Controller {
64,
ISecureRandom::CHAR_LOWER.ISecureRandom::CHAR_UPPER.ISecureRandom::CHAR_DIGITS
);
$this->session->set(self::stateName, $stateToken);
$this->session->set(self::STATE_NAME, $stateToken);
return new StandaloneTemplateResponse(
$this->appName,
@ -188,11 +188,11 @@ class ClientFlowLoginV2Controller extends Controller {
return $this->loginTokenForbiddenResponse();
}
$loginToken = $this->session->get(self::tokenName);
$loginToken = $this->session->get(self::TOKEN_NAME);
// Clear session variables
$this->session->remove(self::tokenName);
$this->session->remove(self::stateName);
$this->session->remove(self::TOKEN_NAME);
$this->session->remove(self::STATE_NAME);
$sessionId = $this->session->getId();
$result = $this->loginFlowV2Service->flowDone($loginToken, $sessionId, $this->getServerPath(), $this->userId);
@ -240,7 +240,7 @@ class ClientFlowLoginV2Controller extends Controller {
}
private function isValidStateToken(string $stateToken): bool {
$currentToken = $this->session->get(self::stateName);
$currentToken = $this->session->get(self::STATE_NAME);
if (!is_string($stateToken) || !is_string($currentToken)) {
return false;
}
@ -265,7 +265,7 @@ class ClientFlowLoginV2Controller extends Controller {
* @throws LoginFlowV2NotFoundException
*/
private function getFlowByLoginToken(): LoginFlowV2 {
$currentToken = $this->session->get(self::tokenName);
$currentToken = $this->session->get(self::TOKEN_NAME);
if (!is_string($currentToken)) {
throw new LoginFlowV2NotFoundException('Login token not set in session');
}
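Review bot: `TOKEN_NAME` and `STATE_NAME` move from `private` to `public` at the top of the class without any documentation of what they name or how code outside the controller is expected to use them. Both are session keys for values that gate the flow: the login token read in `getFlowByLoginToken()` and the state token read in `isValidStateToken()`. Each should get a docblock, for example `/** Session key of the login flow v2 login token. */` and `/** Session key of the login flow v2 state token. */`. It would also help to state the intended external use, presumably reading or clearing the keys rather than setting them; setting either from elsewhere would bypass the places where this controller generates and stores the tokens. The bodies of `isValidStateToken()` and `getFlowByLoginToken()` continue outside the hunks shown, so the comparison logic itself is not reviewed here.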