PHRAS-3765_oauth-parms-in-session (#4153)

PHRAS-3765: fetch parms from session

PHRAS-3765 : fix : pass custom parameters as argument (don't try to hack request)
This commit is contained in:
jygaulier
2022-10-25 12:27:21 +02:00
committed by GitHub
parent 43cd154c87
commit c8e575c1e7
2 changed files with 29 additions and 10 deletions


@@ -197,7 +197,17 @@ class OAuth2Controller extends Controller
{ {
$context = new Context(Context::CONTEXT_OAUTH2_NATIVE); $context = new Context(Context::CONTEXT_OAUTH2_NATIVE);
$provider = $this->findProvider($providerId); $provider = $this->findProvider($providerId);
$params = $this->oAuth2Adapter->getAuthorizationRequestParameters($request);
/*
* some api client (parade) did want to pass parameters into oauth2 callback url
* but we prevent this for openid
* The parameters can be passed in session, we restore them
*/
$customParms = $this->getSession()->get($provider->getId() . '.parms', []);
if(!is_array($customParms)) {
$customParms = [];
}
$params = $this->oAuth2Adapter->getAuthorizationRequestParameters($request, $customParms);
// triggers what's necessary // triggers what's necessary
try { try {
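Review bot: The session entry read on the `$customParms = $this->getSession()->get($provider->getId() . '.parms', [])` line is never removed, so whatever was stored there is re-applied to every later authorization request in the same session for that provider; since the adapter's `getCustomOrRealParm` (second file) lets a key present in `$customParms` take precedence over the request, a stale `redirect_uri`, `state` or `client_id` from an earlier flow would silently override the values the current request carries. If the session parameters are meant to be consumed once by this callback, read and clear them in one step, `$customParms = $this->getSession()->remove($provider->getId() . '.parms');`, and keep the `is_array` guard below it (`remove()` returns null when the key is absent). Where the session entry is written is not visible in this commit, so this assumes it is populated per flow rather than once per client. The enclosing controller action starts and ends outside the hunk.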


@@ -9,7 +9,6 @@
*/ */
use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Application;
use Alchemy\Phrasea\Authentication\Exception\AccountLockedException; use Alchemy\Phrasea\Authentication\Exception\AccountLockedException;
use Alchemy\Phrasea\Authentication\Exception\RequireCaptchaException; use Alchemy\Phrasea\Authentication\Exception\RequireCaptchaException;
use Alchemy\Phrasea\ControllerProvider\Api\V2; use Alchemy\Phrasea\ControllerProvider\Api\V2;
@@ -17,8 +16,8 @@ use Alchemy\Phrasea\Exception\RuntimeException;
use Alchemy\Phrasea\Model\Entities\ApiApplication; use Alchemy\Phrasea\Model\Entities\ApiApplication;
use Alchemy\Phrasea\Model\Entities\User; use Alchemy\Phrasea\Model\Entities\User;
use Alchemy\Phrasea\Model\Repositories\ApiApplicationRepository; use Alchemy\Phrasea\Model\Repositories\ApiApplicationRepository;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
@@ -338,20 +337,30 @@ class API_OAuth2_Adapter extends OAuth2
return $this; return $this;
} }
private function getCustomOrRealParm(Request $request, array $customParms, string $parmName)
{
if(array_key_exists($parmName, $customParms)) {
return $customParms[$parmName];
}
return $request->get($parmName, false);
}
/** /**
* @param Request $request * @param Request $request
* @param array $customParms
* @return array * @return array
*/ */
public function getAuthorizationRequestParameters(Request $request) public function getAuthorizationRequestParameters(Request $request, $customParms = [])
{ {
$data = [ $data = [
'response_type' => $request->get('response_type', false), 'response_type' => $this->getCustomOrRealParm($request, $customParms, 'response_type'),
'client_id' => $request->get('client_id', false), 'client_id' => $this->getCustomOrRealParm($request, $customParms, 'client_id'),
'redirect_uri' => $request->get('redirect_uri', false), 'redirect_uri' => $this->getCustomOrRealParm($request, $customParms, 'redirect_uri'),
]; ];
$scope = $request->get('scope', false); $scope = $this->getCustomOrRealParm($request, $customParms, 'scope');
$state = $request->get('state', false); $state = $this->getCustomOrRealParm($request, $customParms, 'state');
if ($state) { if ($state) {
$data["state"] = $state; $data["state"] = $state;