

No commits in common. "366abf61b38df07a9508a6794d752e1d9171bfaa" and "c056e0bdfca3e7f3f1867504fcf6eb8a349b8638" have entirely different histories.


@ -36,7 +36,7 @@ class OAuthLoginController
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']); return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
} }
$this->request->session()->set('oauth_payload', [ $this->request->session()->set('oauth_state', [
'redirect_uri' => $redirectUri, 'redirect_uri' => $redirectUri,
'state' => $state, 'state' => $state,
'nonce' => $nonce === null ? '' : $nonce 'nonce' => $nonce === null ? '' : $nonce
@ -49,12 +49,12 @@ class OAuthLoginController
public function finishOauth() public function finishOauth()
{ {
$oAuthPayload = $this->request->session()->get('oauth_payload'); $oauthState = $this->request->session()->get('oauth_state');
if ($oAuthPayload === null) { if ($oauthState === null) {
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']); return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
} }
$this->request->session()->delete('oauth_payload'); $this->request->session()->delete('oauth_state');
/** /**
* @var ?User $user * @var ?User $user
@ -67,16 +67,16 @@ class OAuthLoginController
$code = bin2hex(random_bytes(16)); $code = bin2hex(random_bytes(16));
$token = new OAuthToken(); $token = new OAuthToken();
$token->setNonce($oAuthPayload['nonce']); $token->setNonce($oauthState['nonce']);
$token->setUser($user); $token->setUser($user);
$token->setCode($code); $token->setCode($code);
$token->setCreatedDate(new DateTime()); $token->setCreatedDate(new DateTime());
$token->setExpiresDate(new DateTime('+5 minutes')); $token->setExpiresDate(new DateTime('+5 minutes'));
$this->pdm->saveToDb($token); $this->pdm->saveToDb($token);
$redirectUri = $oAuthPayload['redirect_uri']; $redirectUri = $oauthState['redirect_uri'];
$additionalUriParams = [ $additionalUriParams = [
'state' => $oAuthPayload['state'], 'state' => $oauthState['state'],
'code' => $code 'code' => $code
]; ];
$and = (strpos($redirectUri, '?') !== false) ? '&' : '?'; $and = (strpos($redirectUri, '?') !== false) ? '&' : '?';