From 186ba99f5e32ec1ac4303cd2c5a675b8b284210e Mon Sep 17 00:00:00 2001 From: Alex Kirk Date: Thu, 7 Dec 2023 19:36:11 +0100 Subject: [PATCH 1/2] Fix failing login when Authorize form is non-English --- src/Http/Handlers/AuthorizeHandler.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Http/Handlers/AuthorizeHandler.php b/src/Http/Handlers/AuthorizeHandler.php index d1e6a79..3c56cb9 100644 --- a/src/Http/Handlers/AuthorizeHandler.php +++ b/src/Http/Handlers/AuthorizeHandler.php @@ -45,7 +45,7 @@ public function handle( Request $request, Response $response ): Response { $client_id = $request->query( 'client_id', $request->request( 'client_id' ) ); if ( $this->consent_storage->needs_consent( $user->ID, $client_id ) ) { - if ( ! isset( $_POST['authorize'] ) || 'Authorize' !== $_POST['authorize'] ) { + if ( ! isset( $_POST['authorize'] ) || __( 'Authorize', 'openid-connect-server' ) !== $_POST['authorize'] ) { $response->send(); exit; } From 7ef23fe27af3cfbebb585bb90dcfafe6179039d2 Mon Sep 17 00:00:00 2001 From: Ashfame Date: Fri, 8 Dec 2023 12:40:53 +0400 Subject: [PATCH 2/2] return error when consent authorization fails --- src/Http/Handlers/AuthorizeHandler.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Http/Handlers/AuthorizeHandler.php b/src/Http/Handlers/AuthorizeHandler.php index 3c56cb9..96371ce 100644 --- a/src/Http/Handlers/AuthorizeHandler.php +++ b/src/Http/Handlers/AuthorizeHandler.php @@ -46,8 +46,8 @@ public function handle( Request $request, Response $response ): Response { $client_id = $request->query( 'client_id', $request->request( 'client_id' ) ); if ( $this->consent_storage->needs_consent( $user->ID, $client_id ) ) { if ( ! isset( $_POST['authorize'] ) || __( 'Authorize', 'openid-connect-server' ) !== $_POST['authorize'] ) { - $response->send(); - exit; + $response->setError( 403, 'user_authorization_required', 'This application requires your consent.' ); + return $response; } $this->consent_storage->update_timestamp( $user->ID, $client_id );