From 55648bcf1a3d50e77d2077de5d2c9f2ad0631bfd Mon Sep 17 00:00:00 2001
From: Robert Kaiser
Date: Fri, 17 Jul 2020 00:40:41 +0200
Subject: [PATCH 1/1] better handle missing auth header, set explicit response types to not get warnings about an empty resonse type array, match other redirect field lengths with the saved redirect field
---
 app/api.php | 7 ++++++-
 app/authutils.php-class | 8 +++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/app/api.php b/app/api.php
index 10d43ed..0efc179 100644
--- a/app/api.php
+++ b/app/api.php
@@ -24,7 +24,12 @@ if (!count($errors)) {
 // Handle a request to a resource and authenticate the access token
 $token_OK = $server->verifyResourceRequest(OAuth2\Request::createFromGlobals());
 if (!$token_OK) {
- $server->getResponse()->send();
+ $response = $server->getResponse();
+ if (!count($response->getParameters())) {
+ // We get an empty response if we don't get any auth header. Let's actually note that explicitly.
+ $response->setError($response->getStatusCode(), 'auth_missing', 'Authentication missing');
+ }
+ $response->send();
 if ($settings['piwik_enabled']) { $piwikTracker->doTrackPageView('API Request: Bad Token'); }
 exit();
 }
diff --git a/app/authutils.php-class b/app/authutils.php-class
index df41e71..440a153 100755
--- a/app/authutils.php-class
+++ b/app/authutils.php-class
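Review bot: In app/api.php, inside the `if (!$token_OK)` branch, the added `setError()` call reuses `$response->getStatusCode()`, so it relies on the library having already put an error status on a response whose parameters are empty. If that assumption ever fails, the client gets an error body under whatever status was left on the response, or the call itself may fail, depending on how `setError()` validates its status argument. Assuming 401 is what the library sets for a missing header, stating it explicitly removes the dependency: `$response->setError(401, 'auth_missing', 'Authentication missing');`. `auth_missing` is also not one of the bearer-token error codes defined in RFC 6750 (`invalid_request`, `invalid_token`, `insufficient_scope`), so the added comment should mark it as project-specific, and the tracking label on the following context line still records this case as 'Bad Token'. The outer `if (!count($errors))` block starts and ends outside the hunk.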
@@ -503,6 +503,12 @@ class AuthUtils {
 // Add the "Refresh Token" grant type (required to get longer-living resource access by generating new access tokens)
 $server->addGrantType(new OAuth2\GrantType\RefreshToken($oauth2_storage, array('always_issue_new_refresh_token' => true)));
+ // Add 'token' response type (mirroring what getDefaultResponseTypes is doing).
+ $server->addResponseType(new OAuth2\ResponseType\AccessToken($oauth2_storage, $oauth2_storage, $oauth2_config));
+
+ // Add 'code' response type (mirroring what getDefaultResponseTypes is doing).
+ $server->addResponseType(new OAuth2\ResponseType\AuthorizationCode($oauth2_storage));
+
 return $server;
 }
@@ -610,7 +616,7 @@ class AuthUtils {
 $table->addColumn('logged_in', 'boolean', array('notnull' => true, 'default' => false));
 $table->addColumn('time_created', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP'));
 $table->addColumn('time_expire', 'datetime', array('notnull' => true, 'default' => 'CURRENT_TIMESTAMP'));
- $table->addColumn('saved_redirect', 'string', array('length' => 255, 'notnull' => true, 'default' => ''));
+ $table->addColumn('saved_redirect', 'string', array('length' => 2000, 'notnull' => true, 'default' => ''));
 $table->setPrimaryKey(array('id'), 'id');
 $table->addIndex(array('sesskey'), 'sesskey');
 $table->addIndex(array('time_expire'), 'time_expire');
--
2.35.3
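Review bot: The comment on the added `AccessToken` response type (first hunk of app/authutils.php-class, `@@ -503`) should say what registering `token` means for the flows this server offers. `token` is the response type of the implicit flow, which current OAuth security guidance discourages; in this library its use appears to be gated by the `allow_implicit` setting, which presumably reaches the server through `$oauth2_config` (its contents are not visible here). I would extend the comment to something like `// Registered only to mirror the library defaults; the implicit flow stays off unless 'allow_implicit' is set in $oauth2_config.` and confirm that setting is left at false. The enclosing method starts outside the hunk.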