D5868.1774855431.diff

diff --git a/src/app/Auth/OAuth.php b/src/app/Auth/OAuth.php
--- a/src/app/Auth/OAuth.php
+++ b/src/app/Auth/OAuth.php
@@ -57,8 +57,13 @@
if ($clientId && $use_cache && $request->ifSeen) {
$client = PassportClient::find($clientId);
- if ($client && !Cache::has($cacheKey)) {
- throw new \Exception('Not seen yet');
+ if ($client) {
+ // System clients are trusted, don't need approval
+ if (!$client->user_id) {
+ $use_cache = false;
+ } elseif (!Cache::has($cacheKey)) {
+ throw new \Exception('Not seen yet');
+ }
}
}
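Review bot: The trusted-client branch at the `if (!$client->user_id)` line uses a truthiness test, so a client whose `user_id` happened to be `0` or `'0'` would also be classified as a system client and skip the approval-cache gate; the tests in this same diff model system clients with `'user_id' => null`, so `if ($client->user_id === null) {` states that intent and keeps the set of clients that bypass the check as narrow as the data model presumably intends. The enclosing function starts and ends outside the hunk, so how the `$use_cache = false` assignment is consumed further down cannot be confirmed from here. A comment such as `// null user_id marks a system-owned client: no approval prompt, so skip the 'seen' cache gate` above the branch would make the trust decision explicit for the next reader.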
diff --git a/src/resources/vue/Authorize.vue b/src/resources/vue/Authorize.vue
--- a/src/resources/vue/Authorize.vue
+++ b/src/resources/vue/Authorize.vue
@@ -91,7 +91,8 @@
}
})
.catch(error => {
- if (!(redirect = error.response.data)) {
+ redirect = error.response.data
+ if (!redirect || !redirect.redirectUrl) {
this.$root.errorHandler(error)
}
})
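Review bot: `redirect = error.response.data` on the new line throws a TypeError when `error.response` is undefined (a network failure or timeout produces an error object with no `response` property), and that exception escapes the catch handler before `errorHandler` is ever reached; the removed line had the same exposure, so this is a pre-existing gap the rewrite could close with `redirect = error.response ? error.response.data : null` (or `error.response?.data` if the build supports optional chaining). The surrounding method starts outside the hunk.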
diff --git a/src/tests/Browser/AuthorizeTest.php b/src/tests/Browser/AuthorizeTest.php
--- a/src/tests/Browser/AuthorizeTest.php
+++ b/src/tests/Browser/AuthorizeTest.php
@@ -18,10 +18,11 @@
parent::setUp();
// Create a client for tests
+ $user = $this->getTestUser('john@kolab.org');
$this->client = PassportClient::firstOrCreate(
- ['id' => 'test'],
+ ['id' => 'test' . base64_encode(random_bytes(4))],
[
- 'user_id' => null,
+ 'user_id' => $user->id,
'name' => 'Test',
'secret' => '123',
'provider' => 'users',
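Review bot: `'test' . base64_encode(random_bytes(4))` at the `['id' => ...]` line can produce `+`, `/` and `=` in the client id, characters that are reserved in URL query strings and path segments, so a client_id carried in an authorize URL may need encoding or may fail to round-trip; `'test' . bin2hex(random_bytes(4))` gives the same uniqueness with a URL-safe alphabet. The same construction appears in AuthTest.php in the non-trusted client block. Whether the browser test's tearDown removes this client is outside the hunk.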
diff --git a/src/tests/Feature/Controller/AuthTest.php b/src/tests/Feature/Controller/AuthTest.php
--- a/src/tests/Feature/Controller/AuthTest.php
+++ b/src/tests/Feature/Controller/AuthTest.php
@@ -12,6 +12,7 @@
class AuthTest extends TestCase
{
private $expectedExpiry;
+ private $client;
/**
* Reset all authentication guards to clear any cache users
@@ -52,6 +53,10 @@
'password_expired' => null,
]);
+ if ($this->client) {
+ $this->client->delete();
+ }
+
parent::tearDown();
}
@@ -497,6 +502,7 @@
$host = parse_url(Utils::serviceUrl('/'), \PHP_URL_HOST);
$_SERVER['HTTP_HOST'] = $host;
+ // Test trusted client
$user = $this->getTestUser('UsersControllerTest1@userscontroller.com');
$client = PassportClient::find(\config('auth.sso.client_id'));
@@ -514,14 +520,42 @@
$json = $response->json();
+ $this->assertSame('success', $json['status']);
+ $this->assertTrue(!empty($json['redirectUrl']));
+
+ // Test non-trusted client
+ $this->client = PassportClient::firstOrCreate(
+ ['id' => 'test' . base64_encode(random_bytes(4))],
+ [
+ 'user_id' => $user->id,
+ 'name' => 'Test',
+ 'secret' => '123',
+ 'provider' => 'users',
+ 'redirect' => Utils::serviceUrl('support'),
+ 'personal_access_client' => 0,
+ 'password_client' => 0,
+ 'revoked' => false,
+ 'allowed_scopes' => ['email', 'auth.token', 'openid'],
+ ]
+ );
+
+ $post['client_id'] = $this->client->id;
+ $post['scope'] = 'openid email auth.token';
+
+ $response = $this->actingAs($user)->post("api/oauth/approve", $post);
+ $response->assertStatus(200);
+
+ $json = $response->json();
+
$claims = [
+ 'openid' => 'See your email/id via a standard authorization token (OIDC)',
'email' => 'See your email address',
'auth.token' => 'Have read and write access to all your data',
];
$this->assertSame('prompt', $json['status']);
- $this->assertSame($client->name, $json['client']['name']);
- $this->assertSame($client->redirect, $json['client']['url']);
+ $this->assertSame($this->client->name, $json['client']['name']);
+ $this->assertSame($this->client->redirect, $json['client']['url']);
$this->assertSame($claims, $json['client']['claims']);
// Approve the request
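Review bot: `$this->assertTrue(!empty($json['redirectUrl']))` in the trusted-client block discards the received value from the failure message; `$this->assertNotEmpty($json['redirectUrl']);` reports it and reads as the intended check. That block also only confirms `status === 'success'`; if the redirect in the success response is expected to target the trusted client's registered redirect (`$client->redirect` is loaded above the hunk), `$this->assertStringStartsWith($client->redirect, $json['redirectUrl']);` would pin that too. `$post` is built outside the hunk.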
