Fix authorizationCode flow on HL API documentation
fixes #18005
cedric-anne committed Oct 23, 2024
1 parent ff21253 commit 2ea8bf3
Showing 3 changed files with 17 additions and 12 deletions.
6 changes: 3 additions & 3 deletions src/Auth.php
@@ -671,7 +671,7 @@ public function getAlternateAuthSystemsUserLogin($authtype = 0)
}
break;
case self::COOKIE:
$cookie_name = session_name() . '_rememberme';
$cookie_name = Session::buildSessionName() . '_rememberme';

if ($CFG_GLPI["login_remember_time"]) {
$data = null;
@@ -1521,7 +1521,7 @@ public static function checkAlternateAuthSystems($redirect = false, $redirect_st
}
}

$cookie_name = session_name() . '_rememberme';
$cookie_name = Session::buildSessionName() . '_rememberme';
if ($CFG_GLPI["login_remember_time"] && isset($_COOKIE[$cookie_name])) {
if ($redirect) {
Html::redirect($CFG_GLPI["root_doc"] . "/front/login.php" . $redir_string);
@@ -1752,7 +1752,7 @@ public static function setRememberMeCookie(string $cookie_value): void
/** @var array $CFG_GLPI */
global $CFG_GLPI;

$cookie_name = session_name() . '_rememberme';
$cookie_name = Session::buildSessionName() . '_rememberme';
$cookie_lifetime = empty($cookie_value) ? time() - 3600 : time() + $CFG_GLPI['login_remember_time'];
$cookie_path = ini_get('session.cookie_path');
$cookie_domain = ini_get('session.cookie_domain');
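Review bot: The expression `Session::buildSessionName() . '_rememberme'` is repeated at all three sites in this file (getAlternateAuthSystemsUserLogin, checkAlternateAuthSystems, setRememberMeCookie), and the remember-me cookie only works while the code that sets it, reads it and expires it agrees on the name. A single private helper, for example `private static function getRememberMeCookieName(): string { return Session::buildSessionName() . '_rememberme'; }`, would keep the three in step. A short comment on why `session_name()` is not suitable here would also help the next reader; Session::buildSessionName() is not shown on this page, so the reason cannot be confirmed from the diff. All three functions extend beyond their hunks.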
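--- a/src/Glpi/Api/HL/Controller/CoreController.php
+++ b/src/Glpi/Api/HL/Controller/CoreController.php
@@ -426,11 +426,17 @@ public function authorize(Request $request): Response
 $user_id = Session::getLoginUserID();
 if ($user_id === false) {
 // Redirect to login page
-$scope = implode(',', $auth_request->getScopes());
-$client_id = $auth_request->getClient()->getIdentifier();
-$redirect_uri = $this->getAPIPathForRouteFunction(self::class, 'authorize');
-$redirect_uri .= '?scope=' . $scope . '&client_id=' . $client_id . '&response_type=code&redirect_uri=' . urlencode($auth_request->getRedirectUri());
-$redirect_uri = $CFG_GLPI['url_base'] . '/api.php/v2' . $redirect_uri;
+$redirect_params = [
+'scope' => implode(' ', array_map(static fn ($s) => $s->getIdentifier(), $auth_request->getScopes())),
+'client_id' => $auth_request->getClient()->getIdentifier(),
+'response_type' => 'code',
+'redirect_uri' => $auth_request->getRedirectUri(),
+];
+$redirect_uri = $CFG_GLPI['url_base']
+. '/api.php/v2'
+. $this->getAPIPathForRouteFunction(self::class, 'authorize')
+. '?'
+. http_build_query($redirect_params);
 return new Response(302, ['Location' => $CFG_GLPI['url_base'] . '/?redirect=' . rawurlencode($redirect_uri)]);
 }
 $user = new \Glpi\OAuth\User();
@@ -455,7 +461,8 @@ public function authorize(Request $request): Response
 return $response;
 } catch (OAuthServerException $exception) {
 return $exception->generateHttpResponse(new Response());
-} catch (\Throwable) {
+} catch (\Throwable $exception) {
+ErrorHandler::getInstance()->handleException($exception, true);
 return new JSONResponse(null, 500);
 }
 }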
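Review bot: The new `$redirect_params` array in the first hunk rebuilds the authorize URL from scope, client_id, response_type and redirect_uri only, so a `state` value sent by the client does not survive the detour through the login page. `state` is what the client uses to tie the callback to the request it started, so dropping it either breaks the flow or leaves the client without its CSRF check. If `$auth_request` is the league/oauth2-server AuthorizationRequest (the visible calls suggest so, but its type is declared outside the hunk), adding `'state' => $auth_request->getState(),` would carry it through, and the same applies to `code_challenge` / `code_challenge_method` if PKCE clients are supported; `http_build_query()` omits null entries, so absent values add nothing to the URL. authorize() starts above the hunk.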
4 changes: 1 addition & 3 deletions src/Glpi/Api/HL/Middleware/CookieAuthMiddleware.php
@@ -44,10 +44,8 @@ public function process(MiddlewareInput $input, callable $next): void
$auth = new \Auth();
if ($auth->getAlternateAuthSystemsUserLogin(\Auth::COOKIE)) {
// User could be authenticated by a cookie
// Need to destroy the current session, enable cookie use, and then restart the session
session_destroy();
// Need to use cookies for session and start it manually
ini_set('session.use_cookies', '1');
Session::setPath();
Session::start();
// unset the response to indicate a successful auth
$input->response = null;
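Review bot: `ini_set('session.use_cookies', '1')` appears to run without a preceding `session_destroy()` on the new side, and its return value is not checked. PHP refuses to change session.* settings while a session is active (it returns false and raises a warning), in which case `Session::start()` would carry on without cookie support. If this middleware is guaranteed to run before any session is started, a comment stating that precondition would help, e.g. `// No session is active at this point, so session.use_cookies can still be changed`. Otherwise test the result with `if (ini_set('session.use_cookies', '1') === false)` and treat the cookie authentication as failed. process() starts above and continues below the hunk.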
