-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix flow #6879
Conversation
Signed-off-by: Mario Danic <mario@lovelyhq.com>
@@ -428,7 +428,7 @@ public function testGeneratePasswordWithPassword() { | |||
->method('getServerHost') | |||
->willReturn('example.com'); | |||
|
|||
$expected = new Http\RedirectResponse('nc://login/server:example.com&user:MyLoginName&password:MyGeneratedToken'); | |||
$expected = new Http\RedirectResponse('nc://login/http://server:example.com&user:MyLoginName&password:MyGeneratedToken'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'nc://login/server:http://
cough
|
||
$expected = new Http\RedirectResponse('nc://login/server:example.com&user:MyLoginName&password:MyGeneratedToken'); | ||
$expected = new Http\RedirectResponse('nc://login/http://server:example.com&user:MyLoginName&password:MyGeneratedToken'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here
@nickvergessen fixed |
I tested, it works, but I don't know if tests work xD |
@@ -161,7 +161,7 @@ public function testShowAuthPickerPageWithOcsHeader() { | |||
$this->request | |||
->expects($this->once()) | |||
->method('getServerHost') | |||
->willReturn('example.com'); | |||
->willReturn('http://example.com'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is cheating? make sure it actually calls getServerProtocol
?!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm actually wouldnt it return example.com? Since it's just getServerHost ... Tests need better thinking xD
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
Codecov Report
@@ Coverage Diff @@
## master #6879 +/- ##
=========================================
Coverage ? 34.68%
Complexity ? 24299
=========================================
Files ? 1577
Lines ? 92928
Branches ? 1359
=========================================
Hits ? 32235
Misses ? 60693
Partials ? 0
|
Can we get this in 12 as well? It's important ... |
@nickvergessen all should be fixed. |
Why do we need this? I think we should only allow the new flow with https. If that can't be then just first try https and if that fails http. Also. The user already entered an url with protocol to get to this stage. Can't you just fetch the protocol from the url entered? |
a) I don't want to guess (possible two network queries instead of one) Also, while allowing all this only with HTTPS is a noble idea, reality is different :) |
@@ -302,7 +302,8 @@ public function generateAppPassword($stateToken, | |||
); | |||
$this->session->remove('oauth.state'); | |||
} else { | |||
$redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token); | |||
$serverPath = $this->request->getServerProtocol() . "://" . $this->request->getServerHost() . substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), "/index.php")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This won't work if you have pretty urls. Since then you don't have index.php
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have an alternative suggestion? Even on Android for login flow we always use index.php.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got an idea. Testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added support for pretty urls.
@@ -302,7 +302,16 @@ public function generateAppPassword($stateToken, | |||
); | |||
$this->session->remove('oauth.state'); | |||
} else { | |||
$redirectUri = 'nc://login/server:' . $this->request->getServerHost() . '&user:' . urlencode($loginName) . '&password:' . urlencode($token); | |||
$serverPostfix = ""; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use single quotes
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), "/login/flow")); | ||
} | ||
|
||
$serverPath = $this->request->getServerProtocol() . "://" . $this->request->getServerHost() . $serverPostfix; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
single quotes
$serverPostfix = ""; | ||
|
||
if (strpos($this->request->getRequestUri(), '/index.php') !== false) { | ||
$serverPostfix = substr($this->request->getRequestUri(), 0, strpos($this->request->getRequestUri(), "/index.php")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here and below
Should we merge this then? Or does it break existing stuff etc? |
@nickvergessen updated. |
Conflict :/ |
This fixes the new authentication flow as in: