Skip to content

Commit

Permalink
Merge pull request #790 from nextcloud/backport/788/stable-5.2
Browse files Browse the repository at this point in the history
[stable-5.2] refactor(Controller): read parameter only once
  • Loading branch information
blizzz authored Nov 29, 2023
2 parents 61c6a5e + 04b5ed5 commit 3858303
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 5 deletions.
18 changes: 14 additions & 4 deletions lib/Controller/SAMLController.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
use OCP\IURLGenerator;
use OCP\IUserSession;
use OCP\Security\ICrypto;
use OCP\Security\ITrustedDomainHelper;
use OneLogin\Saml2\Auth;
use OneLogin\Saml2\Error;
use OneLogin\Saml2\Settings;
Expand Down Expand Up @@ -75,6 +76,7 @@ class SAMLController extends Controller {
* @var ICrypto
*/
private $crypto;
private ITrustedDomainHelper $trustedDomainHelper;

/**
* @param string $appName
Expand All @@ -101,7 +103,8 @@ public function __construct(
IL10N $l,
UserResolver $userResolver,
UserData $userData,
ICrypto $crypto
ICrypto $crypto,
ITrustedDomainHelper $trustedDomainHelper
) {
parent::__construct($appName, $request);
$this->session = $session;
Expand All @@ -115,6 +118,7 @@ public function __construct(
$this->userResolver = $userResolver;
$this->userData = $userData;
$this->crypto = $crypto;
$this->trustedDomainHelper = $trustedDomainHelper;
}

/**
Expand Down Expand Up @@ -204,11 +208,17 @@ protected function assertGroupMemberships(): void {
* @throws \Exception
*/
public function login(int $idp = 1) {
$originalUrl = (string)$this->request->getParam('originalUrl', '');
if (!$this->trustedDomainHelper->isTrustedUrl($originalUrl)) {
$originalUrl = '';
}

$type = $this->config->getAppValue($this->appName, 'type');
switch ($type) {
case 'saml':
$auth = new Auth($this->samlSettings->getOneLoginSettingsArray($idp));
$returnUrl = $this->request->getParam('originalUrl', $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.login'));

$returnUrl = $originalUrl ?: $this->urlGenerator->linkToRouteAbsolute('user_saml.SAML.login');
$ssoUrl = $auth->login($returnUrl, [], false, false, true);
$response = new Http\RedirectResponse($ssoUrl);

Expand All @@ -227,7 +237,7 @@ public function login(int $idp = 1) {
// Pack data as JSON so we can properly extract it later
$data = json_encode([
'AuthNRequestID' => $auth->getLastRequestID(),
'OriginalUrl' => $this->request->getParam('originalUrl', ''),
'OriginalUrl' => $originalUrl,
'Idp' => $idp,
'flow' => $flowData,
]);
Expand All @@ -241,7 +251,7 @@ public function login(int $idp = 1) {
$response->addCookie('saml_data', $data, null, 'None');
break;
case 'environment-variable':
$ssoUrl = $this->request->getParam('originalUrl', '');
$ssoUrl = $originalUrl;
if (empty($ssoUrl)) {
$ssoUrl = $this->urlGenerator->getAbsoluteURL('/');
}
Expand Down
7 changes: 6 additions & 1 deletion tests/unit/Controller/SAMLControllerTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
use OCP\IUser;
use OCP\IUserSession;
use OCP\Security\ICrypto;
use OCP\Security\ITrustedDomainHelper;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase;

Expand Down Expand Up @@ -70,6 +71,8 @@ class SAMLControllerTest extends TestCase {
private $crypto;
/** @var SAMLController */
private $samlController;
/** @var ITrustedDomainHelper|MockObject */
private $trustedDomainController;

protected function setUp(): void {
parent::setUp();
Expand All @@ -86,6 +89,7 @@ protected function setUp(): void {
$this->userResolver = $this->createMock(UserResolver::class);
$this->userData = $this->createMock(UserData::class);
$this->crypto = $this->createMock(ICrypto::class);
$this->trustedDomainController = $this->createMock(ITrustedDomainHelper::class);

$this->l->expects($this->any())->method('t')->willReturnCallback(
function ($param) {
Expand All @@ -111,7 +115,8 @@ function ($param) {
$this->l,
$this->userResolver,
$this->userData,
$this->crypto
$this->crypto,
$this->trustedDomainController
);
}

Expand Down

0 comments on commit 3858303

Please sign in to comment.