Merge pull request 'use name 'oauth_payload' for data received from oauth authentication request' (!10) from bugfix/fix-conflicting-session-keys into master
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
All checks were successful
rvr-nextgen/pipeline/head This commit looks good
Reviewed-on: #10
This commit is contained in:
commit
366abf61b3
Signed by:
Gitea
Gitea
GPG Key ID:
7B89B83EED9AD2C6
@ -36,7 +36,7 @@ class OAuthLoginController
|
|||||||
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
|
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->request->session()->set('oauth_state', [
|
$this->request->session()->set('oauth_payload', [
|
||||||
'redirect_uri' => $redirectUri,
|
'redirect_uri' => $redirectUri,
|
||||||
'state' => $state,
|
'state' => $state,
|
||||||
'nonce' => $nonce === null ? '' : $nonce
|
'nonce' => $nonce === null ? '' : $nonce
|
||||||
@ -49,12 +49,12 @@ class OAuthLoginController
|
|||||||
|
|
||||||
public function finishOauth()
|
public function finishOauth()
|
||||||
{
|
{
|
||||||
$oauthState = $this->request->session()->get('oauth_state');
|
$oAuthPayload = $this->request->session()->get('oauth_payload');
|
||||||
if ($oauthState === null) {
|
if ($oAuthPayload === null) {
|
||||||
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
|
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->request->session()->delete('oauth_state');
|
$this->request->session()->delete('oauth_payload');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var ?User $user
|
* @var ?User $user
|
||||||
@ -67,16 +67,16 @@ class OAuthLoginController
|
|||||||
$code = bin2hex(random_bytes(16));
|
$code = bin2hex(random_bytes(16));
|
||||||
|
|
||||||
$token = new OAuthToken();
|
$token = new OAuthToken();
|
||||||
$token->setNonce($oauthState['nonce']);
|
$token->setNonce($oAuthPayload['nonce']);
|
||||||
$token->setUser($user);
|
$token->setUser($user);
|
||||||
$token->setCode($code);
|
$token->setCode($code);
|
||||||
$token->setCreatedDate(new DateTime());
|
$token->setCreatedDate(new DateTime());
|
||||||
$token->setExpiresDate(new DateTime('+5 minutes'));
|
$token->setExpiresDate(new DateTime('+5 minutes'));
|
||||||
$this->pdm->saveToDb($token);
|
$this->pdm->saveToDb($token);
|
||||||
|
|
||||||
$redirectUri = $oauthState['redirect_uri'];
|
$redirectUri = $oAuthPayload['redirect_uri'];
|
||||||
$additionalUriParams = [
|
$additionalUriParams = [
|
||||||
'state' => $oauthState['state'],
|
'state' => $oAuthPayload['state'],
|
||||||
'code' => $code
|
'code' => $code
|
||||||
];
|
];
|
||||||
$and = (strpos($redirectUri, '?') !== false) ? '&' : '?';
|
$and = (strpos($redirectUri, '?') !== false) ? '&' : '?';
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user