Update OAuth2 params
1. Make `code` optional so the provider error can be surfaced via the redirect. 2. Capture the `error` and `error_description` params returned by the OAuth2 provider.
parent
a7c9e4bb7e
commit
2621c08c4a
1 changed files with 38 additions and 8 deletions
|
@ -339,11 +339,13 @@ App::get('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||||
->label('docs', false)
|
->label('docs', false)
|
||||||
->param('projectId', '', new Text(1024), 'Project ID.')
|
->param('projectId', '', new Text(1024), 'Project ID.')
|
||||||
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
||||||
->param('code', '', new Text(2048), 'OAuth2 code.')
|
->param('code', '', new Text(2048, 0), 'OAuth2 code.', true)
|
||||||
->param('state', '', new Text(2048), 'Login state params.', true)
|
->param('state', '', new Text(2048), 'Login state params.', true)
|
||||||
|
->param('error', '', new Text(2048, 0), 'Error code returned from the OAuth2 provider.', true)
|
||||||
|
->param('error_description', '', new Text(2048, 0), 'Human-readable text providing additional information about the error returned from the OAuth2 provider.', true)
|
||||||
->inject('request')
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->action(function (string $projectId, string $provider, string $code, string $state, Request $request, Response $response) {
|
->action(function (string $projectId, string $provider, string $code, string $state, string $error, string $error_description, Request $request, Response $response) {
|
||||||
|
|
||||||
$domain = $request->getHostname();
|
$domain = $request->getHostname();
|
||||||
$protocol = $request->getProtocol();
|
$protocol = $request->getProtocol();
|
||||||
|
@ -352,7 +354,13 @@ App::get('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||||
->addHeader('Pragma', 'no-cache')
|
->addHeader('Pragma', 'no-cache')
|
||||||
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
||||||
. \http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
. \http_build_query([
|
||||||
|
'project' => $projectId,
|
||||||
|
'code' => $code,
|
||||||
|
'state' => $state,
|
||||||
|
'error' => $error,
|
||||||
|
'error_description' => $error_description
|
||||||
|
]));
|
||||||
});
|
});
|
||||||
|
|
||||||
App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||||
|
@ -364,11 +372,13 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||||
->label('docs', false)
|
->label('docs', false)
|
||||||
->param('projectId', '', new Text(1024), 'Project ID.')
|
->param('projectId', '', new Text(1024), 'Project ID.')
|
||||||
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
||||||
->param('code', '', new Text(2048), 'OAuth2 code.')
|
->param('code', '', new Text(2048, 0), 'OAuth2 code.', true)
|
||||||
->param('state', '', new Text(2048), 'Login state params.', true)
|
->param('state', '', new Text(2048), 'Login state params.', true)
|
||||||
|
->param('error', '', new Text(2048, 0), 'Error code returned from the OAuth2 provider.', true)
|
||||||
|
->param('error_description', '', new Text(2048, 0), 'Human-readable text providing additional information about the error returned from the OAuth2 provider.', true)
|
||||||
->inject('request')
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->action(function (string $projectId, string $provider, string $code, string $state, Request $request, Response $response) {
|
->action(function (string $projectId, string $provider, string $code, string $state, string $error, string $error_description, Request $request, Response $response) {
|
||||||
|
|
||||||
$domain = $request->getHostname();
|
$domain = $request->getHostname();
|
||||||
$protocol = $request->getProtocol();
|
$protocol = $request->getProtocol();
|
||||||
|
@ -377,7 +387,13 @@ App::post('/v1/account/sessions/oauth2/callback/:provider/:projectId')
|
||||||
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
->addHeader('Cache-Control', 'no-store, no-cache, must-revalidate, max-age=0')
|
||||||
->addHeader('Pragma', 'no-cache')
|
->addHeader('Pragma', 'no-cache')
|
||||||
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
->redirect($protocol . '://' . $domain . '/v1/account/sessions/oauth2/' . $provider . '/redirect?'
|
||||||
. \http_build_query(['project' => $projectId, 'code' => $code, 'state' => $state]));
|
. \http_build_query([
|
||||||
|
'project' => $projectId,
|
||||||
|
'code' => $code,
|
||||||
|
'state' => $state,
|
||||||
|
'error' => $error,
|
||||||
|
'error_description' => $error_description
|
||||||
|
]));
|
||||||
});
|
});
|
||||||
|
|
||||||
App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
|
@ -395,8 +411,10 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
->label('usage.metric', 'sessions.{scope}.requests.create')
|
->label('usage.metric', 'sessions.{scope}.requests.create')
|
||||||
->label('usage.params', ['provider:{request.provider}'])
|
->label('usage.params', ['provider:{request.provider}'])
|
||||||
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 provider.')
|
||||||
->param('code', '', new Text(2048), 'OAuth2 code.')
|
->param('code', '', new Text(2048, 0), 'OAuth2 code.', true)
|
||||||
->param('state', '', new Text(2048), 'OAuth2 state params.', true)
|
->param('state', '', new Text(2048), 'OAuth2 state params.', true)
|
||||||
|
->param('error', '', new Text(2048, 0), 'Error code returned from the OAuth2 provider.', true)
|
||||||
|
->param('error_description', '', new Text(2048, 0), 'Human-readable text providing additional information about the error returned from the OAuth2 provider.', true)
|
||||||
->inject('request')
|
->inject('request')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('project')
|
->inject('project')
|
||||||
|
@ -404,7 +422,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('geodb')
|
->inject('geodb')
|
||||||
->inject('events')
|
->inject('events')
|
||||||
->action(function (string $provider, string $code, string $state, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Event $events) use ($oauthDefaultSuccess) {
|
->action(function (string $provider, string $code, string $state, string $error, string $error_description, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Event $events) use ($oauthDefaultSuccess) {
|
||||||
|
|
||||||
$protocol = $request->getProtocol();
|
$protocol = $request->getProtocol();
|
||||||
$callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
|
$callback = $protocol . '://' . $request->getHostname() . '/v1/account/sessions/oauth2/callback/' . $provider . '/' . $project->getId();
|
||||||
|
@ -467,6 +485,18 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
|
||||||
$failureRedirect(Exception::PROJECT_PROVIDER_DISABLED, 'This provider is disabled. Please enable the provider from your ' . APP_NAME . ' console to continue.');
|
$failureRedirect(Exception::PROJECT_PROVIDER_DISABLED, 'This provider is disabled. Please enable the provider from your ' . APP_NAME . ' console to continue.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!empty($error)) {
|
||||||
|
$message = 'The ' . $providerName . ' OAuth2 provider returned an error: ' . $error;
|
||||||
|
if (!empty($error_description)) {
|
||||||
|
$message .= ': ' . $error_description;
|
||||||
|
}
|
||||||
|
$failureRedirect(Exception::USER_OAUTH2_PROVIDER_ERROR, $message);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (empty($code)) {
|
||||||
|
$failureRedirect(Exception::USER_OAUTH2_PROVIDER_ERROR, 'Missing OAuth2 code. Please contact the Appwrite team for additional support.');
|
||||||
|
}
|
||||||
|
|
||||||
if (!empty($appSecret) && isset($appSecret['version'])) {
|
if (!empty($appSecret) && isset($appSecret['version'])) {
|
||||||
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $appSecret['version']);
|
$key = App::getEnv('_APP_OPENSSL_KEY_V' . $appSecret['version']);
|
||||||
$appSecret = OpenSSL::decrypt($appSecret['data'], $appSecret['method'], $key, 0, \hex2bin($appSecret['iv']), \hex2bin($appSecret['tag']));
|
$appSecret = OpenSSL::decrypt($appSecret['data'], $appSecret['method'], $key, 0, \hex2bin($appSecret['iv']), \hex2bin($appSecret['tag']));
|
||||||
|
|
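Review bot: In the last hunk, `$error` and `$error_description` are concatenated verbatim into the user-facing `$message` handed to `$failureRedirect`, but both values arrive through the query string of the public callback and redirect routes (no auth label is visible on them), so anyone who crafts a link — not just the provider — controls up to 2048 characters that presumably end up in the failure URL the victim is redirected to, which is a message-injection/phishing vector. RFC 6749 §4.1.2.1 limits `error` to a short ASCII identifier and `error_description` to `%x20-21 / %x23-5B / %x5D-7E`, so enforce that before echoing: reject or replace a non-identifier `error`, and strip and cap `error_description` (or only log it server-side) rather than forwarding it as free text. While touching the block, `empty($code)` also treats the string `"0"` as missing; `$code === ''` is the precise test since `Text(2048, 0)` already bounds the length. `$failureRedirect` and `$providerName` are defined outside this hunk, so where the message finally lands is inferred from the name rather than seen here.
```php
if ($error !== '') {
    // RFC 6749 §4.1.2.1: an error code is a short ASCII identifier. Anything else
    // came from a crafted callback/redirect URL, not from the provider.
    if (!\preg_match('/^[A-Za-z0-9_]{1,64}$/', $error)) {
        $error = 'invalid_request';
        $error_description = '';
    }
    $message = 'The ' . $providerName . ' OAuth2 provider returned an error: ' . $error;
    if ($error_description !== '') {
        // Same RFC restricts error_description to %x20-21 / %x23-5B / %x5D-7E; drop the rest
        // and cap the length so the failure redirect cannot carry an arbitrary phishing banner.
        $safeDescription = \substr(\preg_replace('/[^\x20-\x21\x23-\x5B\x5D-\x7E]/', '', $error_description), 0, 256);
        $message .= ': ' . $safeDescription;
    }
    $failureRedirect(Exception::USER_OAUTH2_PROVIDER_ERROR, $message);
}

if ($code === '') {
    $failureRedirect(Exception::USER_OAUTH2_PROVIDER_ERROR, 'Missing OAuth2 code. Please contact the Appwrite team for additional support.');
}
// … unchanged: appSecret decryption …
```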