mirror of https://github.com/nextcloud/server
fix(auth): Keep redirect URL during 2FA setup and challenge
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This commit is contained in:
parent
fc560d8ec9
commit
22dc27810e
|
@ -213,13 +213,14 @@ class TwoFactorChallengeController extends Controller {
|
|||
* @NoCSRFRequired
|
||||
*/
|
||||
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge')]
|
||||
public function setupProviders(): StandaloneTemplateResponse {
|
||||
public function setupProviders(?string $redirect_url = null): StandaloneTemplateResponse {
|
||||
$user = $this->userSession->getUser();
|
||||
$setupProviders = $this->twoFactorManager->getLoginSetupProviders($user);
|
||||
|
||||
$data = [
|
||||
'providers' => $setupProviders,
|
||||
'logout_url' => $this->getLogoutUrl(),
|
||||
'redirect_url' => $redirect_url,
|
||||
];
|
||||
|
||||
return new StandaloneTemplateResponse($this->appName, 'twofactorsetupselection', $data, 'guest');
|
||||
|
@ -230,7 +231,7 @@ class TwoFactorChallengeController extends Controller {
|
|||
* @NoCSRFRequired
|
||||
*/
|
||||
#[FrontpageRoute(verb: 'GET', url: 'login/setupchallenge/{providerId}')]
|
||||
public function setupProvider(string $providerId) {
|
||||
public function setupProvider(string $providerId, ?string $redirect_url = null) {
|
||||
$user = $this->userSession->getUser();
|
||||
$providers = $this->twoFactorManager->getLoginSetupProviders($user);
|
||||
|
||||
|
@ -251,6 +252,7 @@ class TwoFactorChallengeController extends Controller {
|
|||
$data = [
|
||||
'provider' => $provider,
|
||||
'logout_url' => $this->getLogoutUrl(),
|
||||
'redirect_url' => $redirect_url,
|
||||
'template' => $tmpl->fetchPage(),
|
||||
];
|
||||
$response = new StandaloneTemplateResponse($this->appName, 'twofactorsetupchallenge', $data, 'guest');
|
||||
|
@ -264,11 +266,12 @@ class TwoFactorChallengeController extends Controller {
|
|||
* @todo handle the extreme edge case of an invalid provider ID and redirect to the provider selection page
|
||||
*/
|
||||
#[FrontpageRoute(verb: 'POST', url: 'login/setupchallenge/{providerId}')]
|
||||
public function confirmProviderSetup(string $providerId) {
|
||||
public function confirmProviderSetup(string $providerId, ?string $redirect_url = null) {
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute(
|
||||
'core.TwoFactorChallenge.showChallenge',
|
||||
[
|
||||
'challengeProviderId' => $providerId,
|
||||
'redirect_url' => $redirect_url,
|
||||
]
|
||||
));
|
||||
}
|
||||
|
|
|
@ -134,8 +134,10 @@ class TwoFactorMiddleware extends Middleware {
|
|||
|
||||
public function afterException($controller, $methodName, Exception $exception) {
|
||||
if ($exception instanceof TwoFactorAuthRequiredException) {
|
||||
$params = [];
|
||||
if (isset($this->request->server['REQUEST_URI'])) {
|
||||
$params = [
|
||||
'redirect_url' => $this->request->getParam('redirect_url'),
|
||||
];
|
||||
if (!isset($params['redirect_url']) && isset($this->request->server['REQUEST_URI'])) {
|
||||
$params['redirect_url'] = $this->request->server['REQUEST_URI'];
|
||||
}
|
||||
return new RedirectResponse($this->urlGenerator->linkToRoute('core.TwoFactorChallenge.selectChallenge', $params));
|
||||
|
|
|
@ -33,6 +33,7 @@ declare(strict_types=1);
|
|||
href="<?php p(\OC::$server->getURLGenerator()->linkToRoute('core.TwoFactorChallenge.setupProvider',
|
||||
[
|
||||
'providerId' => $provider->getId(),
|
||||
'redirect_url' => $_['redirect_url'],
|
||||
]
|
||||
)) ?>">
|
||||
<?php
|
||||
|
|
|
@ -337,7 +337,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
|
|||
$this->assertEquals($expected, $this->controller->solveChallenge('myprovider', 'token', '/url'));
|
||||
}
|
||||
|
||||
public function testSetUpProviders() {
|
||||
public function testSetUpProviders(): void {
|
||||
$user = $this->createMock(IUser::class);
|
||||
$this->userSession->expects($this->once())
|
||||
->method('getUser')
|
||||
|
@ -357,6 +357,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
|
|||
$provider,
|
||||
],
|
||||
'logout_url' => 'logoutAttribute',
|
||||
'redirect_url' => null,
|
||||
],
|
||||
'guest'
|
||||
);
|
||||
|
@ -392,7 +393,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
|
|||
$this->assertEquals($expected, $response);
|
||||
}
|
||||
|
||||
public function testSetUpProvider() {
|
||||
public function testSetUpProvider(): void {
|
||||
$user = $this->createMock(IUser::class);
|
||||
$this->userSession->expects($this->once())
|
||||
->method('getUser')
|
||||
|
@ -426,6 +427,7 @@ class TwoFactorChallengeControllerTest extends TestCase {
|
|||
'provider' => $provider,
|
||||
'logout_url' => 'logoutAttribute',
|
||||
'template' => 'tmpl',
|
||||
'redirect_url' => null,
|
||||
],
|
||||
'guest'
|
||||
);
|
||||
|
@ -435,13 +437,14 @@ class TwoFactorChallengeControllerTest extends TestCase {
|
|||
$this->assertEquals($expected, $response);
|
||||
}
|
||||
|
||||
public function testConfirmProviderSetup() {
|
||||
public function testConfirmProviderSetup(): void {
|
||||
$this->urlGenerator->expects($this->once())
|
||||
->method('linkToRoute')
|
||||
->with(
|
||||
'core.TwoFactorChallenge.showChallenge',
|
||||
[
|
||||
'challengeProviderId' => 'totp',
|
||||
'redirect_url' => null,
|
||||
])
|
||||
->willReturn('2fa/select/page');
|
||||
$expected = new RedirectResponse('2fa/select/page');
|
||||
|
|
Loading…
Reference in New Issue