diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php index 23bd42a0f1..ab9d98df8d 100644 --- a/core/Controller/ClientFlowLoginController.php +++ b/core/Controller/ClientFlowLoginController.php @@ -204,6 +204,44 @@ class ClientFlowLoginController extends Controller { ); } + /** + * @NoAdminRequired + * @NoCSRFRequired + * @UseSession + * + * @param string $stateToken + * @param string $clientIdentifier + * @return TemplateResponse + */ + public function grantPage($stateToken = '', + $clientIdentifier = '') { + if(!$this->isValidToken($stateToken)) { + return $this->stateTokenForbiddenResponse(); + } + + $clientName = $this->getClientName(); + $client = null; + if($clientIdentifier !== '') { + $client = $this->clientMapper->getByIdentifier($clientIdentifier); + $clientName = $client->getName(); + } + + return new TemplateResponse( + $this->appName, + 'loginflow/grant', + [ + 'client' => $clientName, + 'clientIdentifier' => $clientIdentifier, + 'instanceName' => $this->defaults->getName(), + 'urlGenerator' => $this->urlGenerator, + 'stateToken' => $stateToken, + 'serverHost' => $this->request->getServerHost(), + 'oauthState' => $this->session->get('oauth.state'), + ], + 'guest' + ); + } + /** * @NoAdminRequired * @NoCSRFRequired diff --git a/core/routes.php b/core/routes.php index 1c7be78bc7..cc1bd34d89 100644 --- a/core/routes.php +++ b/core/routes.php @@ -54,6 +54,7 @@ $application->registerRoutes($this, [ ['name' => 'ClientFlowLogin#showAuthPickerPage', 'url' => '/login/flow', 'verb' => 'GET'], ['name' => 'ClientFlowLogin#redirectPage', 'url' => '/login/flow/redirect', 'verb' => 'GET'], ['name' => 'ClientFlowLogin#generateAppPassword', 'url' => '/login/flow', 'verb' => 'POST'], + ['name' => 'ClientFlowLogin#grantPage', 'url' => '/login/flow/grant', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#selectChallenge', 'url' => '/login/selectchallenge', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#showChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'GET'], ['name' => 'TwoFactorChallenge#solveChallenge', 'url' => '/login/challenge/{challengeProviderId}', 'verb' => 'POST'], diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php index 1858f8bcb6..4e2282a180 100644 --- a/core/templates/loginflow/authpicker.php +++ b/core/templates/loginflow/authpicker.php @@ -28,9 +28,9 @@ $urlGenerator = $_['urlGenerator']; ?>
-

t('Account access')) ?>

+

t('Connect to your account')) ?>

- t('You are about to grant %s access to your %s account.', [ + t('Please log in before granting %s access to your %s account.', [ '' . \OCP\Util::sanitizeHTML($_['client']) . '', \OCP\Util::sanitizeHTML($_['instanceName']) ])) ?> @@ -39,8 +39,8 @@ $urlGenerator = $_['urlGenerator'];

@@ -59,5 +59,5 @@ $urlGenerator = $_['urlGenerator'];
-t('Alternative login using app token')) ?> +t('Alternative log in using app token')) ?> diff --git a/core/templates/loginflow/grant.php b/core/templates/loginflow/grant.php new file mode 100644 index 0000000000..6278e910bd --- /dev/null +++ b/core/templates/loginflow/grant.php @@ -0,0 +1,46 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +script('core', 'login/authpicker'); +style('core', 'login/authpicker'); + +/** @var array $_ */ +/** @var \OCP\IURLGenerator $urlGenerator */ +$urlGenerator = $_['urlGenerator']; +?> + +
+

t('Account access')) ?>

+

+ t('You are about to grant %s access to your %s account.', [ + '' . \OCP\Util::sanitizeHTML($_['client']) . '', + \OCP\Util::sanitizeHTML($_['instanceName']) + ])) ?> +

+ +
+ + +