From 55648bcf1a3d50e77d2077de5d2c9f2ad0631bfd Mon Sep 17 00:00:00 2001 From: Robert Kaiser Date: Fri, 17 Jul 2020 00:40:41 +0200 Subject: [PATCH] better handle missing auth header, set explicit response types to not get warnings about an empty resonse type array, match other redirect field lengths with the saved redirect field --- app/api.php | 7 ++++++- app/authutils.php-class | 8 +++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/app/api.php b/app/api.php index 10d43ed..0efc179 100644 --- a/app/api.php +++ b/app/api.php @@ -24,7 +24,12 @@ if (!count($errors)) { // Handle a request to a resource and authenticate the access token $token_OK = $server->verifyResourceRequest(OAuth2\Request::createFromGlobals()); if (!$token_OK) { - $server->getResponse()->send(); + $response = $server->getResponse(); + if (!count($response->getParameters())) { + // We get an empty response if we don't get any auth header. Let's actually note that explicitly. + $response->setError($response->getStatusCode(), 'auth_missing', 'Authentication missing'); + } + $response->send(); if ($settings['piwik_enabled']) { $piwikTracker->doTrackPageView('API Request: Bad Token'); } exit(); } diff --git a/app/authutils.php-class b/app/authutils.php-class index df41e71..440a153 100755 --- a/app/authutils.php-class +++ b/app/authutils.php-class @@ -503,6 +503,12 @@ class AuthUtils { // Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens) $server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true))); + // Add 'token' response type (mirroring what getDefaultResponseTypes is doing). + $server->addResponseType(new OAuth2\ResponseType\AccessToken($oauth2_storage, $oauth2_storage, $oauth2_config)); + + // Add 'code' response type (mirroring what getDefaultResponseTypes is doing). + $server->addResponseType(new OAuth2\ResponseType\AuthorizationCode($oauth2_storage)); + return $server; } @@ -610,7 +616,7 @@ class AuthUtils { $table->addColumn('logged_in', 'boolean', array('notnull' => true, 'default' => false)); $table->addColumn('time_created', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP')); $table->addColumn('time_expire', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP')); - $table->addColumn('saved_redirect', 'string', array('length' => 255, 'notnull' => true, 'default' => '')); + $table->addColumn('saved_redirect', 'string', array('length' => 2000, 'notnull' => true, 'default' => '')); $table->setPrimaryKey(array('id'), 'id'); $table->addIndex(array('sesskey'), 'sesskey'); $table->addIndex(array('time_expire'), 'time_expire'); -- 2.43.0