AuthPicker: redirect oauth client to grant page

Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>

Author: kinolaev

core/Controller/ClientFlowLoginController.php

@@ -41,6 +41,7 @@
 use OCA\OAuth2\Db\ClientMapper;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
 use OCP\Defaults;
@@ -166,7 +167,7 @@ private function stateTokenForbiddenResponse() {
 	 *
 	 * @param string $clientIdentifier
 	 *
-	 * @return StandaloneTemplateResponse
+	 * @return StandaloneTemplateResponse|RedirectResponse
 	 */
 	public function showAuthPickerPage($clientIdentifier = '') {
 		$clientName = $this->getClientName();
@@ -201,6 +202,19 @@ public function showAuthPickerPage($clientIdentifier = '') {
 		);
 		$this->session->set(self::STATE_NAME, $stateToken);
 
+		$oauthState = $this->session->get('oauth.state');
+		if (!empty($oauthState)) {
+			$targetUrl = $this->urlGenerator->linkToRoute(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => $stateToken,
+					'clientIdentifier' => $clientIdentifier,
+					'oauthState' => $oauthState
+				]
+			);
+			return new RedirectResponse($targetUrl);
+		}
+
 		$csp = new Http\ContentSecurityPolicy();
 		if ($client) {
 			$csp->addAllowedFormActionDomain($client->getRedirectUri());
@@ -218,7 +232,6 @@ public function showAuthPickerPage($clientIdentifier = '') {
 				'urlGenerator' => $this->urlGenerator,
 				'stateToken' => $stateToken,
 				'serverHost' => $this->getServerPath(),
-				'oauthState' => $this->session->get('oauth.state'),
 			],
 			'guest'
 		);

core/templates/loginflow/authpicker.php

@@ -43,7 +43,7 @@
 	<br/>
 
 	<p id="redirect-link">
-		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier'], 'oauthState' => $_['oauthState']])) ?>">
+		<a href="<?php p($urlGenerator->linkToRoute('core.ClientFlowLogin.grantPage', ['stateToken' => $_['stateToken'], 'clientIdentifier' => $_['clientIdentifier']])) ?>">
 			<input type="submit" class="login primary icon-confirm-white" value="<?php p($l->t('Log in')) ?>">
 		</a>
 	</p>
@@ -63,6 +63,4 @@
 	</form>
 </div>
 
-<?php if (empty($_['oauthState'])): ?>
 <a id="app-token-login" class="warning" href="#"><?php p($l->t('Alternative log in using app token')) ?></a>
-<?php endif; ?>

tests/Core/Controller/ClientFlowLoginControllerTest.php

@@ -159,7 +159,7 @@ public function testShowAuthPickerPageWithOcsHeader() {
 			->expects($this->once())
 			->method('get')
 			->with('oauth.state')
-			->willReturn('OauthStateToken');
+			->willReturn(null);
 		$this->defaults
 			->expects($this->once())
 			->method('getName')
@@ -182,7 +182,6 @@ public function testShowAuthPickerPageWithOcsHeader() {
 				'urlGenerator' => $this->urlGenerator,
 				'stateToken' => 'StateToken',
 				'serverHost' => 'https://example.com',
-				'oauthState' => 'OauthStateToken',
 			],
 			'guest'
 		);
@@ -223,35 +222,19 @@ public function testShowAuthPickerPageWithOauth() {
 			->method('get')
 			->with('oauth.state')
 			->willReturn('OauthStateToken');
-		$this->defaults
+		$this->urlGenerator
 			->expects($this->once())
-			->method('getName')
-			->willReturn('ExampleCloud');
-		$this->request
-			->expects($this->once())
-			->method('getServerHost')
-			->willReturn('example.com');
-		$this->request
-			->method('getServerProtocol')
-			->willReturn('https');
+			->method('linkToRoute')
+			->with(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => 'StateToken',
+					'clientIdentifier' => 'MyClientIdentifier',
+					'oauthState' => 'OauthStateToken'
+				])
+			->willReturn('grantURL');
 
-		$expected = new StandaloneTemplateResponse(
-			'core',
-			'loginflow/authpicker',
-			[
-				'client' => 'My external service',
-				'clientIdentifier' => 'MyClientIdentifier',
-				'instanceName' => 'ExampleCloud',
-				'urlGenerator' => $this->urlGenerator,
-				'stateToken' => 'StateToken',
-				'serverHost' => 'https://example.com',
-				'oauthState' => 'OauthStateToken',
-			],
-			'guest'
-		);
-		$csp = new Http\ContentSecurityPolicy();
-		$csp->addAllowedFormActionDomain('https://example.com/redirect.php');
-		$expected->setContentSecurityPolicy($csp);
+		$expected = new Http\RedirectResponse('grantURL');
 		$this->assertEquals($expected, $this->clientFlowLoginController->showAuthPickerPage('MyClientIdentifier'));
 	}