diff --git a/app/config/auth.php b/app/config/auth.php
index 170b87344..400657400 100644
--- a/app/config/auth.php
+++ b/app/config/auth.php
@@ -42,7 +42,6 @@ return [
 'name' => 'Phone',
 'key' => 'usersAuthPhone',
 'icon' => '/images/users/phone.png',
- 'docs' => 'https://appwrite.io/docs/client/account?sdk=web#accountCreatePhoneSession',
 'docs' => '',
 'enabled' => false,
 ],
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index d007ea1fa..c236509dd 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -26,8 +26,8 @@ use Appwrite\URL\URL as URLParser;
 use Appwrite\Utopia\Response;
 use Utopia\Validator\ArrayList;
-$oauthDefaultSuccess = App::getEnv('_APP_HOME').'/auth/oauth2/success';
-$oauthDefaultFailure = App::getEnv('_APP_HOME').'/auth/oauth2/failure';
+$oauthDefaultSuccess = '/v1/auth/oauth2/success';
+$oauthDefaultFailure = '/v1/auth/oauth2/failure';
 App::post('/v1/account')
 ->desc('Create Account')
@@ -277,13 +277,13 @@ App::get('/v1/account/sessions/oauth2/:provider')
 ->label('abuse-limit', 50)
 ->label('abuse-key', 'ip:{ip}')
 ->param('provider', '', new WhiteList(\array_keys(Config::getParam('providers')), true), 'OAuth2 Provider. Currently, supported providers are: ' . \implode(', ', \array_keys(\array_filter(Config::getParam('providers'), function($node) {return (!$node['mock']);}))).'.')
- ->param('success', $oauthDefaultSuccess, function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
- ->param('failure', $oauthDefaultFailure, function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
+ ->param('success', '', function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a successful login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
+ ->param('failure', '', function ($clients) { return new Host($clients); }, 'URL to redirect back to your app after a failed login attempt. Only URLs from hostnames in your project platform list are allowed. This requirement helps to prevent an [open redirect](https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html) attack against your project API.', true, ['clients'])
 ->param('scopes', [], new ArrayList(new Text(128)), 'A list of custom OAuth2 scopes. Check each provider internal docs for a list of supported scopes.', true)
 ->inject('request')
 ->inject('response')
 ->inject('project')
- ->action(function ($provider, $success, $failure, $scopes, $request, $response, $project) {
+ ->action(function ($provider, $success, $failure, $scopes, $request, $response, $project) use ($oauthDefaultSuccess, $oauthDefaultFailure) {
 /** @var Utopia\Swoole\Request $request */
 /** @var Appwrite\Utopia\Response $response */
 /** @var Appwrite\Database\Document $project */
@@ -308,6 +308,14 @@ App::get('/v1/account/sessions/oauth2/:provider')
 throw new Exception('Provider is not supported', 501);
 }
+ if(empty($success)) {
+ $success = $protocol . '://' . $request->getHostname() . $oauthDefaultSuccess;
+ }
+
+ if(empty($failure)) {
+ $failure = $protocol . '://' . $request->getHostname() . $oauthDefaultFailure;
+ }
+
 $oauth2 = new $classname($appId, $appSecret, $callback, ['success' => $success, 'failure' => $failure], $scopes);
 $response
@@ -591,7 +599,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 }
 // Add keys for non-web platforms - TODO - add verification phase to aviod session sniffing
- if (parse_url($state['success'], PHP_URL_PATH) === parse_url($oauthDefaultSuccess, PHP_URL_PATH)) {
+ if (parse_url($state['success'], PHP_URL_PATH) === $oauthDefaultSuccess) {
 $state['success'] = URLParser::parse($state['success']);
 $query = URLParser::parseQuery($state['success']['query']);
 $query['project'] = $project->getId();
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 7b9d423b9..f7f7e2cb7 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -426,7 +426,7 @@ App::post('/v1/teams/:teamId/memberships')
 }
 $url = Template::parseURL($url);
- $url['query'] = Template::mergeQuery(((isset($url['query'])) ? $url['query'] : ''), ['membershipId' => $membership->getId(), 'teamId' => $team->getId(), 'userId' => $invitee->getId(), 'secret' => $secret, 'teamId' => $teamId]);
+ $url['query'] = Template::mergeQuery(((isset($url['query'])) ? $url['query'] : ''), ['membershipId' => $membership->getId(), 'userId' => $invitee->getId(), 'secret' => $secret, 'teamId' => $teamId]);
 $url = Template::unParseURL($url);
 if (!$isPrivilegedUser && !$isAppUser) { // No need of confirmation when in admin or app mode
diff --git a/app/workers/deletes.php b/app/workers/deletes.php
index 68d9aa1f2..416cdc069 100644
--- a/app/workers/deletes.php
+++ b/app/workers/deletes.php
@@ -215,7 +215,7 @@ class DeletesV1 extends Worker
 }
 // Delete Dead Realtime Logs
 $this->deleteByGroup([
- '$collection='.Database::SYSTEM_COLLECTION_REALTIME_CONNECTIONS,
+ '$collection='.Database::SYSTEM_COLLECTION_CONNECTIONS,
 'timestamp<'.$timestamp
 ], $consoleDB);
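Review bot: `$oauthDefaultSuccess` and `$oauthDefaultFailure` now hold bare paths rather than URLs, but the names are unchanged, and a reader has to chase the later uses (where the value is prefixed with scheme and host in one route and compared against `parse_url(..., PHP_URL_PATH)` in another) to learn that. A comment above the two assignments would save that, e.g. `// Path-only defaults for the OAuth2 redirect targets: the session route prefixes them with the request's scheme and host, and the redirect route matches incoming success URLs on this path.` A rename such as `$oauthDefaultSuccessPath` would make it self-describing, but these are file-level variables captured by closures elsewhere in the file, so I would keep the rename out of this commit.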
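Review bot: The descriptions on the new `->param('success', '', …)` and `->param('failure', '', …)` lines still read as if a URL is always supplied, but with the default changed from a full URL to `''`, the omitted case now falls through to a request-derived default built later in the action (the `if(empty($success))` branch). Since these strings are presumably what the generated API reference shows, I would state the default explicitly, e.g. append `When omitted, the user is redirected to the built-in /v1/auth/oauth2/success page on the API host.` to the success description and the `/v1/auth/oauth2/failure` counterpart to the failure one. The action closure continues past the end of this hunk, so the rest of the parameter handling is not visible here.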
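Review bot: The `if(empty($success))` and `if(empty($failure))` fallbacks build the redirect target from `$request->getHostname()`, so the default URL bypasses the `Host($clients)` whitelist that an explicitly supplied value passes through, and it is now derived from the incoming request instead of the configured `_APP_HOME`. If `getHostname()` reflects the `Host` or a forwarded-host header without normalisation (its implementation is not visible here), a request with a spoofed host would put an attacker-chosen success URL into the OAuth2 state, and the redirect route's `// Add keys for non-web platforms` branch appends query values (at least `project`, in the later hunk) to any success URL whose path equals `/v1/auth/oauth2/success`. I would either apply the same `new Host($clients)` validation to the constructed default before passing it to `new $classname(...)`, or take the default host from configuration rather than the request. `$protocol` is assigned outside the hunk, and the enclosing action closure both starts and ends outside it, so I could not confirm it is set on every path before this point. Minor: the file writes `if (` with a space, as in the redirect hunk, so `if(empty(` should follow suit.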