From b5274fa0f72bb004562967b0389fe4a0e2d78694 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Mon, 23 Jun 2025 16:18:14 +0200
Subject: [PATCH 01/11] handle token request cases for authorization_code and refresh_token differently
---
 solid/lib/Controller/ServerController.php | 41 ++++++++++++++++-------
 1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 06f18c9f..460bec39 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -297,7 +297,25 @@ public function session() {
 */
 public function token() {
 $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
- $code = $request->getParsedBody()['code'];
+ $grantType = $request->getParsedBody()['grant_type'];
+ switch ($grantType) {
+ case "authorization_code":
+ $code = $request->getParsedBody()['code'];
+ // FIXME: not sure if decoding this here is the way to go.
+ // FIXME: because this is a public page, the nonce from the session is not available here.
+ $codeInfo = $this->tokenGenerator->getCodeInfo($code);
+ $userId = $codeInfo['user_id'];
+ break;
+ case "refresh_token":
+ $refreshToken = $request->getParsedBody()['refresh_token'];
+ $tokenInfo = $this->tokenGenerator->getRefreshTokenInfo($refreshToken);
+ $userId = $tokenInfo['user_id'];
+ break;
+ default:
+ $userId = false;
+ break;
+ }
+
 $clientId = $request->getParsedBody()['client_id'];
 $httpDpop = $request->getServerParams()['HTTP_DPOP'];
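Review bot: In `token()` (PATCH 01/11, first hunk) the new `switch` reads `['grant_type']`, `['code']`, `['refresh_token']` and then `$codeInfo['user_id']` / `$tokenInfo['user_id']` without checking that the key or the decoded array exists; both the `authorization_code` and the `refresh_token` branch have this pattern. The FIXME in the hunk calls this a public page, so requests that omit a field, or whose code does not decode, will reach these lines, and `getParsedBody()` can itself be `null`. Reading the values defensively keeps malformed input on the `default` path, e.g. `$body = (array) $request->getParsedBody(); $grantType = $body['grant_type'] ?? null;` and `$userId = $codeInfo['user_id'] ?? false;`. What `getCodeInfo()` returns for a tampered or expired value is not visible here, so that case deserves a test. The body of `token()` continues outside this hunk.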
@@ -306,17 +324,16 @@ public function token() {
 $server = new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 $response = $server->respondToAccessTokenRequest($request);
- // FIXME: not sure if decoding this here is the way to go.
- // FIXME: because this is a public page, the nonce from the session is not available here.
- $codeInfo = $this->tokenGenerator->getCodeInfo($code);
- $response = $this->tokenGenerator->addIdTokenToResponse(
- $response,
- $clientId,
- $codeInfo['user_id'],
- ($_SESSION['nonce'] ?? ''),
- $this->config->getPrivateKey(),
- $httpDpop
- );
+ if ($userId) {
+ $response = $this->tokenGenerator->addIdTokenToResponse(
+ $response,
+ $clientId,
+ $userId,
+ ($_SESSION['nonce'] ?? ''),
+ $this->config->getPrivateKey(),
+ $httpDpop
+ );
+ }
 return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');
 }
From f8fb8fa70640eee26306e993bf300127b567b30b Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Wed, 25 Jun 2025 22:43:47 +0200
Subject: [PATCH 02/11] Get client_id from either GET or POST
---
 solid/lib/Controller/ServerController.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 460bec39..6a23de00 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -104,7 +104,8 @@ private function getKeys() {
 }
 private function createAuthServerConfig() {
- $clientId = isset($_GET['client_id']) ? $_GET['client_id'] : null;
+ $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
+ $clientId = $request->getParsedBody()['client_id'];
 $client = $this->getClient($clientId);
 $keys = $this->getKeys();
 try {
From 9dbf4570f3b9d71208c4da1acac488988bed1c85 Mon Sep 17 00:00:00 2001
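Review bot: The ID token in `token()` (PATCH 01/11, second hunk) is now gated on `if ($userId)`, a truthiness test on a value taken from the submitted code or refresh token rather than on the outcome of `respondToAccessTokenRequest()`. A user id of `'0'` is falsy in PHP and would silently receive no ID token, so an explicit comparison such as `if ($userId !== false && $userId !== null)` is safer. Unless `addIdTokenToResponse()` itself refuses responses that carry no access token (its body is not visible here), it is also worth checking the response status before the call, so that a rejected grant can never be decorated with an ID token.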
From: Ben Peachey
Date: Thu, 26 Jun 2025 10:29:13 +0200
Subject: [PATCH 03/11] Change PHP Codesniffer style so `break` and `case` need to be indented the same.
---
 .config/phpcs.xml.dist | 5 +++++
 solid/lib/Controller/ServerController.php | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.config/phpcs.xml.dist b/.config/phpcs.xml.dist
index a6147742..10a3ed77 100644
--- a/.config/phpcs.xml.dist
+++ b/.config/phpcs.xml.dist
@@ -20,6 +20,11 @@
+
+
+
+
+
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 6a23de00..44b98e2a 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -272,10 +272,10 @@ private function getResponseType() {
 foreach ($responseTypes as $responseType) {
 switch ($responseType) {
 case "token":
- return "token";
+ return "token";
 break;
 case "code":
- return "code";
+ return "code";
 break;
 }
 }
From e6906c669ca953d7eac88c6a773954e18ae1cd6b Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 17:58:32 +0200
Subject: [PATCH 04/11] rename decrypt call
---
 solid/lib/Controller/ServerController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 44b98e2a..ff3363e9 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -309,7 +309,7 @@ public function token() {
 break;
 case "refresh_token":
 $refreshToken = $request->getParsedBody()['refresh_token'];
- $tokenInfo = $this->tokenGenerator->getRefreshTokenInfo($refreshToken);
+ $tokenInfo = $this->tokenGenerator->getCodeInfo($refreshToken); // FIXME: getCodeInfo should be named 'decrypt' or 'getInfo'?
 $userId = $tokenInfo['user_id'];
 break;
 default:
@@ -385,7 +385,7 @@ public function register() {
 // ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') &&
 // ($request->getRawPathInfo() !== '/apps/solid/token')
 */
- // 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to
+ 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to
 'registration_client_uri' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.server.registeredClient", array("clientId" => $clientData['client_id']))),
 'client_id_issued_at' => $clientData['client_id_issued_at'],
From e93cac62b2c7dbc490c87928569cf487e1b9b109 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 18:06:26 +0200
Subject: [PATCH 05/11] remove client_secret
---
 solid/lib/Controller/ServerController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index ff3363e9..553f6bfa 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -385,7 +385,7 @@ public function register() {
 // ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') &&
 // ($request->getRawPathInfo() !== '/apps/solid/token')
 */
- 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to
+ // 'client_secret' => $clientData['client_secret'], // FIXME: Returning this means we need to patch Nextcloud to accept tokens on calls to
 'registration_client_uri' => $this->urlGenerator->getAbsoluteURL($this->urlGenerator->linkToRoute("solid.server.registeredClient", array("clientId" => $clientData['client_id']))),
 'client_id_issued_at' => $clientData['client_id_issued_at'],
From 80ee0f920b1464a0058b94a215568a8c9445abb8 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:11:15 +0200
Subject: [PATCH 06/11] straight from GET or POST
---
 solid/lib/Controller/ServerController.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 553f6bfa..1b098acd 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
@@ -104,8 +104,12 @@ private function getKeys() {
 }
 private function createAuthServerConfig() {
- $request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
- $clientId = $request->getParsedBody()['client_id'];
+ $clientId = null;
+ if (isset($_GET['client_id'])) {
+ $clientId = $_GET['client_id'];
+ } else if (isset($_POST['client_id'])) {
+ $clientId = $_POST['client_id'];
+ }
 $client = $this->getClient($clientId);
 $keys = $this->getKeys();
 try {
From 487936ccf082212f02591dae486d16a22f644416 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:20:37 +0200
Subject: [PATCH 07/11] remove elseif nag
---
 .config/phpcs.xml.dist | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.config/phpcs.xml.dist b/.config/phpcs.xml.dist
index 10a3ed77..202fd632 100644
--- a/.config/phpcs.xml.dist
+++ b/.config/phpcs.xml.dist
@@ -23,6 +23,7 @@
+
From 490efe9706c6d454d2fce9265b2dae82b35d49d9 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:24:06 +0200
Subject: [PATCH 08/11] fix indentation
---
 solid/lib/Controller/ServerController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
index 1b098acd..f1ad3770 100644
--- a/solid/lib/Controller/ServerController.php
+++ b/solid/lib/Controller/ServerController.php
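Review bot: `createAuthServerConfig()` (PATCH 06/11) now prefers `$_GET['client_id']` over `$_POST['client_id']`, while `token()` in this same series reads `client_id` from the parsed body only. If this config is also built for token requests (the call site is outside the hunk), a request carrying one client id in the query string and another in the body would configure the auth server for one client and build the ID token for the other. Both superglobals can also deliver an array (`client_id[]=x`), which is handed to `getClient()` unchecked. Consider choosing the source by request method and rejecting non-strings, e.g. `$clientId = is_string($raw) ? $raw : null;`, with a comment stating which endpoints send the value by GET and which by POST.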
@@ -276,10 +276,10 @@ private function getResponseType() {
 foreach ($responseTypes as $responseType) {
 switch ($responseType) {
 case "token":
- return "token";
+ return "token";
 break;
 case "code":
- return "code";
+ return "code";
 break;
 }
 }
From ae6bd9302c66a41c47fc5d3bad3ca02ceb53db16 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:24:49 +0200
Subject: [PATCH 09/11] remove switch case property that is not working as intended
---
 .config/phpcs.xml.dist | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.config/phpcs.xml.dist b/.config/phpcs.xml.dist
index 202fd632..3887aeb6 100644
--- a/.config/phpcs.xml.dist
+++ b/.config/phpcs.xml.dist
@@ -21,8 +21,8 @@
-
-
+
+
From 28384b541b82df6a4db83020bde6d170f40276a0 Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:28:33 +0200
Subject: [PATCH 10/11] exclude PSR2.ControlStructures.ControlStructureSpacing.SpacingAfterOpenBrace
---
 .config/phpcs.xml.dist | 1 +
 solid/tests/Integration/AppTest.php | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/.config/phpcs.xml.dist b/.config/phpcs.xml.dist
index 3887aeb6..c63bc0a9 100644
--- a/.config/phpcs.xml.dist
+++ b/.config/phpcs.xml.dist
@@ -24,6 +24,7 @@
+
diff --git a/solid/tests/Integration/AppTest.php b/solid/tests/Integration/AppTest.php
index 6347f963..f12c4b5e 100644
--- a/solid/tests/Integration/AppTest.php
+++ b/solid/tests/Integration/AppTest.php
@@ -5,7 +5,6 @@
 use OCP\AppFramework\App;
 use Test\TestCase;
-
 /**
 * This test shows how to make a small Integration Test. Query your class
 * directly from the container, only pass in mocks if needed and run your tests
From 35e4294c586f40315d5212e9c145f71b91b425aa Mon Sep 17 00:00:00 2001
From: Yvo Brevoort
Date: Thu, 26 Jun 2025 20:56:17 +0200
Subject: [PATCH 11/11] inject
---
 solid/lib/AppInfo/Application.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/solid/lib/AppInfo/Application.php b/solid/lib/AppInfo/Application.php
index cb507bc0..f4df2650 100644
--- a/solid/lib/AppInfo/Application.php
+++ b/solid/lib/AppInfo/Application.php
@@ -67,7 +67,11 @@ public function register(IRegistrationContext $context): void {
 }
 public function boot(IBootContext $context): void {
- self::$userSubDomainsEnabled = OC::$server->get(AppConfig::class)->getValueBool(self::APP_ID, 'userSubDomainsEnabled');
+ $context->injectFn($this->registerUserSubDomains(...));
 require_once(__DIR__.'/../../vendor/autoload.php');
 }
+
+ protected function registerUserSubDomains(IAppConfig $config): void {
+ self::$userSubDomainsEnabled = $config->getValueBool(self::APP_ID, 'userSubDomainsEnabled');
+ }
 }
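Review bot: `registerUserSubDomains(IAppConfig $config)` (PATCH 11/11) introduces a type name that this commit does not import: the removed line resolved `AppConfig::class`, and the diffstat has no added `use` line. If `Application.php` does not already contain `use OCP\IAppConfig;` (the top of the file is outside the hunk), the parameter refers to a class in the app's own namespace and `injectFn()` will not be able to resolve it. The first-class callable `$this->registerUserSubDomains(...)` also requires PHP 8.1, so the app's declared minimum PHP version should match. A one-line docblock on the new method, such as `/** Called from boot() via container injection; caches the userSubDomainsEnabled flag. */`, would make the indirection easier to follow.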