diff --git a/.config/phpcs.xml.dist b/.config/phpcs.xml.dist
index a6147742..c63bc0a9 100644
--- a/.config/phpcs.xml.dist
+++ b/.config/phpcs.xml.dist
@@ -20,6 +20,13 @@
+
+
+
+
+
+
+
diff --git a/solid/lib/AppInfo/Application.php b/solid/lib/AppInfo/Application.php
index cb507bc0..f4df2650 100644
--- a/solid/lib/AppInfo/Application.php
+++ b/solid/lib/AppInfo/Application.php
@@ -67,7 +67,11 @@ public function register(IRegistrationContext $context): void {
}
public function boot(IBootContext $context): void {
- self::$userSubDomainsEnabled = OC::$server->get(AppConfig::class)->getValueBool(self::APP_ID, 'userSubDomainsEnabled');
+ $context->injectFn($this->registerUserSubDomains(...));
require_once(__DIR__.'/../../vendor/autoload.php');
}
+
+ protected function registerUserSubDomains(IAppConfig $config): void {
+ self::$userSubDomainsEnabled = $config->getValueBool(self::APP_ID, 'userSubDomainsEnabled');
+ }
}
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 06f18c9f..f1ad3770 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -104,7 +104,12 @@ private function getKeys() {
}
private function createAuthServerConfig() {
- $clientId = isset($_GET['client_id']) ? $_GET['client_id'] : null;
+ $clientId = null;
+ if (isset($_GET['client_id'])) {
+ $clientId = $_GET['client_id'];
+ } else if (isset($_POST['client_id'])) {
+ $clientId = $_POST['client_id'];
+ }
$client = $this->getClient($clientId);
$keys = $this->getKeys();
try {
@@ -297,7 +302,25 @@ public function session() {
*/
public function token() {
$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
- $code = $request->getParsedBody()['code'];
+ $grantType = $request->getParsedBody()['grant_type'];
+ switch ($grantType) {
+ case "authorization_code":
+ $code = $request->getParsedBody()['code'];
+ // FIXME: not sure if decoding this here is the way to go.
+ // FIXME: because this is a public page, the nonce from the session is not available here.
+ $codeInfo = $this->tokenGenerator->getCodeInfo($code);
+ $userId = $codeInfo['user_id'];
+ break;
+ case "refresh_token":
+ $refreshToken = $request->getParsedBody()['refresh_token'];
+ $tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'?
+ $userId = $tokenInfo['user_id'];
+ break;
+ default:
+ $userId = false;
+ break;
+ }
+
$clientId = $request->getParsedBody()['client_id'];
$httpDpop = $request->getServerParams()['HTTP_DPOP'];
@@ -306,17 +329,16 @@ public function token() {
$server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
$response = $server->respondToAccessTokenRequest($request);
- // FIXME: not sure if decoding this here is the way to go.
- // FIXME: because this is a public page, the nonce from the session is not available here.
- $codeInfo = $this->tokenGenerator->getCodeInfo($code);
- $response = $this->tokenGenerator->addIdTokenToResponse(
- $response,
- $clientId,
- $codeInfo['user_id'],
- ($_SESSION['nonce'] ?? ''),
- $this->config->getPrivateKey(),
- $httpDpop
- );
+ if ($userId) {
+ $response = $this->tokenGenerator->addIdTokenToResponse(
+ $response,
+ $clientId,
+ $userId,
+ ($_SESSION['nonce'] ?? ''),
+ $this->config->getPrivateKey(),
+ $httpDpop
+ );
+ }
return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');
}
diff --git a/solid/tests/Integration/AppTest.php b/solid/tests/Integration/AppTest.php
index 6347f963..f12c4b5e 100644
--- a/solid/tests/Integration/AppTest.php
+++ b/solid/tests/Integration/AppTest.php
@@ -5,7 +5,6 @@
use OCP\AppFramework\App;
use Test\TestCase;
-
/**
* This test shows how to make a small Integration Test. Query your class
* directly from the container, only pass in mocks if needed and run your tests