Commit Graph

14 Commits

Author SHA1 Message Date
Joas Schilling ebedbf1579
Merge pull request #19646 from firlevapz/bugfix/19400/oauth2-login-opens-new-browser-window
Change OAuth2 redirect link to relative link
2020-07-01 09:39:55 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Fabian Helm 5b1bb3703a Change OAuth2 redirect link to relative link
fix issue with third-party apps like rocket.chat
where browser in external window is opened
and thus oauth2 login does not work

Signed-off-by: Fabian Helm <firlevapz@gmail.com>
2020-02-25 21:51:58 +01:00
Roeland Jago Douma e6ac233947
Fix loginflow with apptoken enter on iOS
It seems iOS doesn't like us to change the location. So now we submit it
to the server that geneartes the redirect.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-04 21:51:36 +01:00
Joas Schilling ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Roeland Jago Douma 177c8972cc
Improve login flow
* Add page explaining you are about to grant access
* Show grant access page after login

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-08 13:42:36 +02:00
Roeland Jago Douma f2d4c64c9a
Translate Grant Access
Fixes #7038

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-01 15:50:34 +01:00
Morris Jobke 44c6745159 Remove quotes around device name
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-14 11:48:56 +02:00
Morris Jobke bd43758118 Highlight client identifier in auth grant page
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-14 10:42:19 +02:00
Jan-Christoph Borchardt ebdfcb1fe3 Add heading to account access page
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-08-12 19:29:49 +02:00
Bjoern Schiessle 3775b14c4c
remove 'Alternative login using app token' in case of oauth login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:05 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00