AuthPicker: redirect oauth client to grant page

kinolaev · kinolaev · commit 127a1e616dc7 · 2019-10-07T13:46:33.000+03:00
Signed-off-by: Sergej Nikolaev &lt;kinolaev@gmail.com&gt;
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
@@ -35,6 +35,7 @@
 use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
 use OCP\Defaults;
@@ -195,6 +196,19 @@ public function showAuthPickerPage($clientIdentifier = '') {
 		);
 		$this->session->set(self::stateName, $stateToken);
 
+		$oauthState = $this->session->get('oauth.state');
+		if (!empty($oauthState)) {
+			$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => $stateToken,
+					'clientIdentifier' => $clientIdentifier,
+					'oauthState' => $oauthState
+				]
+			);
+			return new RedirectResponse($targetUrl);
+		}
+
 		$csp = new Http\ContentSecurityPolicy();
 		if ($client) {
 			$csp->addAllowedFormActionDomain($client->getRedirectUri());
@@ -212,7 +226,6 @@ public function showAuthPickerPage($clientIdentifier = '') {
 				'urlGenerator' => $this->urlGenerator,
 				'stateToken' => $stateToken,
 				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
 			],
 			'guest'
 		);
diff --git a/core/templates/loginflow/authpicker.php b/core/templates/loginflow/authpicker.php
@@ -39,7 +39,7 @@
 	<br/>
 
 	<p id="redirect-link">
-		<a href="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>">
+		<a href="<?php p($urlGenerator->linkToRouteAbsolute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier']])) ?>">
 			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
 		</a>
 	</p>
@@ -59,6 +59,4 @@
 	</form>
 </div>
 
-<?php if(empty($_['oauthState'])): ?>
 <a id="app-token-login" class="warning" href="#"><?php p($l->t('Alternative log in using app token')) ?></a>
-<?php endif; ?>
diff --git a/tests/Core/Controller/ClientFlowLoginControllerTest.php b/tests/Core/Controller/ClientFlowLoginControllerTest.php
@@ -159,7 +159,7 @@ public function testShowAuthPickerPageWithOcsHeader() {
 			->expects($this->once())
 			->method('get')
 			->with('oauth.state')
-			->willReturn('OauthStateToken');
+			->willReturn(null);
 		$this->defaults
 			->expects($this->once())
 			->method('getName')
@@ -182,7 +182,6 @@ public function testShowAuthPickerPageWithOcsHeader() {
 				'urlGenerator' => $this->urlGenerator,
 				'stateToken' => 'StateToken',
 				'serverHost' => 'https://example.com',
-				'oauthState' => 'OauthStateToken',
 			],
 			'guest'
 		);
@@ -223,35 +222,19 @@ public function testShowAuthPickerPageWithOauth() {
 			->method('get')
 			->with('oauth.state')
 			->willReturn('OauthStateToken');
-		$this->defaults
+		$this->urlGenerator
 			->expects($this->once())
-			->method('getName')
-			->willReturn('ExampleCloud');
-		$this->request
-			->expects($this->once())
-			->method('getServerHost')
-			->willReturn('example.com');
-		$this->request
-			->method('getServerProtocol')
-			->willReturn('https');
+			->method('linkToRouteAbsolute')
+			->with(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => 'StateToken',
+					'clientIdentifier' => 'MyClientIdentifier',
+					'oauthState' => 'OauthStateToken'
+				])
+			->willReturn('grantURL');
 
-		$expected = new StandaloneTemplateResponse(
-			'core',
-			'loginflow/authpicker',
-			[
-				'client' => 'My external service',
-				'clientIdentifier' => 'MyClientIdentifier',
-				'instanceName' => 'ExampleCloud',
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => 'StateToken',
-				'serverHost' => 'https://example.com',
-				'oauthState' => 'OauthStateToken',
-			],
-			'guest'
-		);
-		$csp = new Http\ContentSecurityPolicy();
-		$csp->addAllowedFormActionDomain('https://example.com/redirect.php');
-		$expected->setContentSecurityPolicy($csp);
+		$expected = new Http\RedirectResponse('grantURL');
 		$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
 	}
 
