esoko/rvr-nextgen
esoko/rvr-nextgen
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Merge pull request 'use name 'oauth_payload' for data received from oauth authentication request' (!10) from bugfix/fix-conflicting-session-keys into master
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
Details

Browse Source 
Reviewed-on: #10
This commit is contained in:
Bence Pőcze 2023-04-08 21:25:57 +02:00 committed by Gitea
commit 366abf61b3
Signed by: Gitea
GPG Key ID: 7B89B83EED9AD2C6
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/Controller/OAuthLoginController.php
View File

@ -36,7 +36,7 @@ class OAuthLoginController
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
}
$this->request->session()->set('oauth_state', [
$this->request->session()->set('oauth_payload', [
'redirect_uri' => $redirectUri,
'state' => $state,
'nonce' => $nonce === null ? '' : $nonce
@ -49,12 +49,12 @@ class OAuthLoginController
public function finishOauth()
{
$oauthState = $this->request->session()->get('oauth_state');
if ($oauthState === null) {
$oAuthPayload = $this->request->session()->get('oauth_payload');
if ($oAuthPayload === null) {
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
}
$this->request->session()->delete('oauth_state');
$this->request->session()->delete('oauth_payload');
/**
* @var ?User $user
@ -67,16 +67,16 @@ class OAuthLoginController
$code = bin2hex(random_bytes(16));
$token = new OAuthToken();
$token->setNonce($oauthState['nonce']);
$token->setNonce($oAuthPayload['nonce']);
$token->setUser($user);
$token->setCode($code);
$token->setCreatedDate(new DateTime());
$token->setExpiresDate(new DateTime('+5 minutes'));
$this->pdm->saveToDb($token);
$redirectUri = $oauthState['redirect_uri'];
$redirectUri = $oAuthPayload['redirect_uri'];
$additionalUriParams = [
'state' => $oauthState['state'],
'state' => $oAuthPayload['state'],
'code' => $code
];
$and = (strpos($redirectUri, '?') !== false) ? '&' : '?';