feat(oauth2): Skip page before login as well for authorized applications

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
10 months ago · e7be008dc1
parent 9b366c65d4
commit e7be008dc1
2 changed files with 28 additions and 7 deletions
--- a/apps/oauth2/lib/Controller/LoginRedirectorController.php
+++ b/apps/oauth2/lib/Controller/LoginRedirectorController.php
@ -8,6 +8,7 @@ declare(strict_types=1);
 */
 namespace OCA\OAuth2\Controller;

+use OC\Core\Controller\ClientFlowLoginController;
 use OCA\OAuth2\Db\ClientMapper;
 use OCA\OAuth2\Exceptions\ClientNotFoundException;
 use OCP\AppFramework\Controller;
@ -18,10 +19,12 @@ use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\Attribute\UseSession;
 use OCP\AppFramework\Http\RedirectResponse;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IAppConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IURLGenerator;
+use OCP\Security\ISecureRandom;

 #[OpenAPI(scope: OpenAPI::SCOPE_DEFAULT)]
 class LoginRedirectorController extends Controller {
@ -40,6 +43,8 @@ class LoginRedirectorController extends Controller {
 		private ClientMapper $clientMapper,
 		private ISession $session,
 		private IL10N $l,
+		private ISecureRandom $random,
+		private IAppConfig $appConfig,
 	) {
 		parent::__construct($appName, $request);
 	}
@ -78,12 +83,28 @@ class LoginRedirectorController extends Controller {

 		$this->session->set('oauth.state', $state);

-		$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
-			'core.ClientFlowLogin.showAuthPickerPage',
-			[
-				'clientIdentifier' => $client->getClientIdentifier(),
-			]
-		);
+		if (in_array($client->getName(), $this->appConfig->getValueArray('oauth2', 'autoGrantApplications', []))) {
+			/* See ClientFlowLoginController::showAuthPickerPage */
+			$stateToken = $this->random->generate(
+				64,
+				ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_DIGITS
+			);
+			$this->session->set(ClientFlowLoginController::STATE_NAME, $stateToken);
+			$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+				'core.ClientFlowLogin.grantPage',
+				[
+					'stateToken' => $stateToken,
+					'clientIdentifier' => $client->getClientIdentifier(),
+				]
+			);
+		} else {
+			$targetUrl = $this->urlGenerator->linkToRouteAbsolute(
+				'core.ClientFlowLogin.showAuthPickerPage',
+				[
+					'clientIdentifier' => $client->getClientIdentifier(),
+				]
+			);
+		}
 		return new RedirectResponse($targetUrl);
 	}
 }
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@ -8,7 +8,6 @@ namespace OC\Core\Controller;
 use OC\Authentication\Events\AppPasswordCreatedEvent;
 use OC\Authentication\Exceptions\PasswordlessTokenException;
 use OC\Authentication\Token\IProvider;
-use OC\Authentication\Token\IToken;
 use OCA\OAuth2\Db\AccessToken;
 use OCA\OAuth2\Db\AccessTokenMapper;
 use OCA\OAuth2\Db\ClientMapper;
@ -24,6 +23,7 @@ use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\StandaloneTemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Authentication\Exceptions\InvalidTokenException;
+use OCP\Authentication\Token\IToken;
 use OCP\Defaults;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IAppConfig;