PHRAS-3765_oauth-parms-in-session (#4153)

PHRAS-3765: fetch parms from session

PHRAS-3765 : fix : pass custom parameters as argument (don't try to hack request)
jygaulier
2022-10-25 12:27:21 +02:00
committed by GitHub
parent 43cd154c87
commit c8e575c1e7
2 changed files with 29 additions and 10 deletions


@@ -9,7 +9,6 @@
*/
use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Authentication\Exception\AccountLockedException;
use Alchemy\Phrasea\Authentication\Exception\RequireCaptchaException;
use Alchemy\Phrasea\ControllerProvider\Api\V2;
@@ -17,8 +16,8 @@ use Alchemy\Phrasea\Exception\RuntimeException;
use Alchemy\Phrasea\Model\Entities\ApiApplication;
use Alchemy\Phrasea\Model\Entities\User;
use Alchemy\Phrasea\Model\Repositories\ApiApplicationRepository;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -338,20 +337,30 @@ class API_OAuth2_Adapter extends OAuth2
return $this;
}
private function getCustomOrRealParm(Request $request, array $customParms, string $parmName)
{
if(array_key_exists($parmName, $customParms)) {
return $customParms[$parmName];
}
return $request->get($parmName, false);
}
/**
* @param Request $request
* @param Request $request
* @param array $customParms
* @return array
*/
public function getAuthorizationRequestParameters(Request $request)
public function getAuthorizationRequestParameters(Request $request, $customParms = [])
{
$data = [
'response_type' => $request->get('response_type', false),
'client_id' => $request->get('client_id', false),
'redirect_uri' => $request->get('redirect_uri', false),
'response_type' => $this->getCustomOrRealParm($request, $customParms, 'response_type'),
'client_id' => $this->getCustomOrRealParm($request, $customParms, 'client_id'),
'redirect_uri' => $this->getCustomOrRealParm($request, $customParms, 'redirect_uri'),
];
$scope = $request->get('scope', false);
$state = $request->get('state', false);
$scope = $this->getCustomOrRealParm($request, $customParms, 'scope');
$state = $this->getCustomOrRealParm($request, $customParms, 'state');
if ($state) {
$data["state"] = $state;