mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use the proper server for the apptoken flow login 

If a user can't authenticate normally (because they have 2FA that is not
available on their devices for example). The redirect that is generated
should be of the proper format.

This means

1. Include the protocol
2. Include the possible subfolder

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma 2018-10-31 23:06:08 +01:00
parent 15ef354ace
commit 92582a350d
No known key found for this signature in database
GPG Key ID: F941078878347C0C
2 changed files with 33 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
core/Controller/ClientFlowLoginController.php
View File

@ -197,7 +197,7 @@ class ClientFlowLoginController extends Controller {
'instanceName' => $this->defaults->getName(), 'instanceName' => $this->defaults->getName(),
'urlGenerator' => $this->urlGenerator, 'urlGenerator' => $this->urlGenerator,
'stateToken' => $stateToken, 'stateToken' => $stateToken,
'serverHost' => $this->request->getServerHost(), 'serverHost' => $this->getServerPath(),
'oauthState' => $this->session->get('oauth.state'), 'oauthState' => $this->session->get('oauth.state'),
], ],
'guest' 'guest'
@ -235,7 +235,7 @@ class ClientFlowLoginController extends Controller {
'instanceName' => $this->defaults->getName(), 'instanceName' => $this->defaults->getName(),
'urlGenerator' => $this->urlGenerator, 'urlGenerator' => $this->urlGenerator,
'stateToken' => $stateToken, 'stateToken' => $stateToken,
'serverHost' => $this->request->getServerHost(), 'serverHost' => $this->getServerPath(),
'oauthState' => $this->session->get('oauth.state'), 'oauthState' => $this->session->get('oauth.state'),
], ],
'guest' 'guest'
@ -345,27 +345,7 @@ class ClientFlowLoginController extends Controller {
); );
$this->session->remove('oauth.state'); $this->session->remove('oauth.state');
} else { } else {
$serverPostfix = ''; $redirectUri = 'nc://login/server:' . $this->getServerPath() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
} else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
}
$protocol = $this->request->getServerProtocol();
if ($protocol !== "https") {
$xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
$xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
$protocol = 'https';
}
}
$serverPath = $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
$redirectUri = 'nc://login/server:' . $serverPath . '&user:' . urlencode($loginName) . '&password:' . urlencode($token);
// Clear the token from the login here // Clear the token from the login here
$this->tokenProvider->invalidateToken($sessionId); $this->tokenProvider->invalidateToken($sessionId);
@ -373,4 +353,26 @@ class ClientFlowLoginController extends Controller {
return new Http\RedirectResponse($redirectUri); return new Http\RedirectResponse($redirectUri);
} }
private function getServerPath(): string {
$serverPostfix = '';
if (strpos($this->request->getRequestUri(), '/index.php') !== false) {
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/index.php'));
} else if (strpos($this->request->getRequestUri(), '/login/flow') !== false) {
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), '/login/flow'));
}
$protocol = $this->request->getServerProtocol();
if ($protocol !== "https") {
$xForwardedProto = $this->request->getHeader('X-Forwarded-Proto');
$xForwardedSSL = $this->request->getHeader('X-Forwarded-Ssl');
if ($xForwardedProto === 'https' || $xForwardedSSL === 'on') {
$protocol = 'https';
}
}
return $protocol . "://" . $this->request->getServerHost() . $serverPostfix;
}
} }

10
tests/Core/Controller/ClientFlowLoginControllerTest.php
View File

@ -162,6 +162,9 @@ class ClientFlowLoginControllerTest extends TestCase {
->expects($this->once()) ->expects($this->once())
->method('getServerHost') ->method('getServerHost')
->willReturn('example.com'); ->willReturn('example.com');
$this->request
->method('getServerProtocol')
->willReturn('https');
$expected = new TemplateResponse( $expected = new TemplateResponse(
'core', 'core',
@ -172,7 +175,7 @@ class ClientFlowLoginControllerTest extends TestCase {
'instanceName' => 'ExampleCloud', 'instanceName' => 'ExampleCloud',
'urlGenerator' => $this->urlGenerator, 'urlGenerator' => $this->urlGenerator,
'stateToken' => 'StateToken', 'stateToken' => 'StateToken',
'serverHost' => 'example.com', 'serverHost' => 'https://example.com',
'oauthState' => 'OauthStateToken', 'oauthState' => 'OauthStateToken',
], ],
'guest' 'guest'
@ -218,6 +221,9 @@ class ClientFlowLoginControllerTest extends TestCase {
->expects($this->once()) ->expects($this->once())
->method('getServerHost') ->method('getServerHost')
->willReturn('example.com'); ->willReturn('example.com');
$this->request
->method('getServerProtocol')
->willReturn('https');
$expected = new TemplateResponse( $expected = new TemplateResponse(
'core', 'core',
@ -228,7 +234,7 @@ class ClientFlowLoginControllerTest extends TestCase {
'instanceName' => 'ExampleCloud', 'instanceName' => 'ExampleCloud',
'urlGenerator' => $this->urlGenerator, 'urlGenerator' => $this->urlGenerator,
'stateToken' => 'StateToken', 'stateToken' => 'StateToken',
'serverHost' => 'example.com', 'serverHost' => 'https://example.com',
'oauthState' => 'OauthStateToken', 'oauthState' => 'OauthStateToken',
], ],
'guest' 'guest'