
commit 4fccc7ecba33495f7e17768e7f540f6c8e8fd3df
parent ce4daece98fd5257fd90b5bc346fdf0ef5577f4f
Author: Jan Dankert <develop@jandankert.de>
Date:   Sat, 31 Oct 2020 03:48:03 +0100

Some bad fixes for OIDC to work properly.

Diffstat:
Mmodules/cms/Dispatcher.class.php | 6+++++-
Mmodules/cms/action/LoginAction.class.php | 9++++++++-
Mmodules/cms/ui/UI.class.php | 6+++++-
Mmodules/openid_connect/OpenIDConnectClient.class.php | 3++-
Mmodules/util/Session.class.php | 1+
5 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php
@@ -311,7 +311,7 @@ class Dispatcher
 // Daten werden nur angezeigt, die Sitzung kann also schon geschlossen werden.
 // Halt! In Index-Action können Benutzer-Logins gesetzt werden.
- if ( ! $this->request->isAction && $this->request->action != 'index' )
+ if ( ! $this->request->isAction && $this->request->action != 'index' && $this->request->method != 'oidc' )
 Session::close();
 Logger::debug("Dispatcher executing {$this->request->action}/{$this->request->method}/" . $this->request->getRequestId().' -> '.$actionClassName.'#'.$subactionMethodName.'()');
@@ -332,6 +332,10 @@ class Dispatcher
 {
 // The validation exception is catched here
 $do->addValidationError( $ve->fieldName,$ve->key );
+
+ if ( !$this->request->isAction )
+ // Validation exceptions should only be thrown in POST requests.
+ throw new BadMethodCallException("Validation error in GET request",0,$ve);
 }
 catch (\ReflectionException $re)
 {
diff --git a/modules/cms/action/LoginAction.class.php b/modules/cms/action/LoginAction.class.php
@@ -169,12 +169,19 @@ class LoginAction extends BaseAction
 public function oidcView()
 {
- $providerName = $this->request->getRequiredRequestVar('id',RequestParams::FILTER_ALPHANUM);
+ if ( $this->hasRequestVar("id")) {
+ $providerName = $this->request->getRequestVar('id',RequestParams::FILTER_ALPHANUM);
+ Session::set(Session::KEY_OIDC_PROVIDER,$providerName);
+ }else {
+ $providerName = Session::get( Session::KEY_OIDC_PROVIDER);
+ }
+
 $providerConfig = Configuration::subset(['security','oidc','provider',$providerName]);
 $oidc = new OpenIDConnectClient();
 $oidc->setProviderURL ( $providerConfig->get('url' ));
+ $oidc->setIssuer ( $providerConfig->get('url' ));
 $oidc->setClientID ( $providerConfig->get('client_id' ));
 $oidc->setClientSecret( $providerConfig->get('client_secret'));
diff --git a/modules/cms/ui/UI.class.php b/modules/cms/ui/UI.class.php
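Review bot: The new `$this->request->method != 'oidc'` clause keeps the session writable for every action that has a method named oidc, not only for login/oidc, and the comment above the condition still explains only the index case. A why-comment next to the clause, e.g. `// login/oidc stores the chosen provider in the session (KEY_OIDC_PROVIDER), so the session must stay open here`, would stop the next reader from removing it as dead weight. If only the login action needs it, scoping the clause to `!($this->request->action == 'login' && $this->request->method == 'oidc')` would be tighter; whether other actions define an oidc method is not visible in this hunk.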
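Review bot: In the second Dispatcher hunk the added `if ( !$this->request->isAction )` has a comment between its condition and an unbraced `throw`, so the body is attached by proximity only; brace it as `if ( !$this->request->isAction ) {` … `}` with the comment inside. The throw also runs after `addValidationError()` has already recorded the error, so on GET requests the recorded error is never rendered and the request ends in an exception instead; if that is the intent, the comment should say so rather than only "should only be thrown in POST requests". BadMethodCallException describes a call to an undefined method; a request-level exception (InvalidArgumentException or the project's own) would describe a bad GET parameter more accurately. The enclosing try/catch begins before this hunk.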
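Review bot: In the LoginAction hunk the callback path (no `id` parameter) continues with whatever `Session::get( Session::KEY_OIDC_PROVIDER)` returns, so a callback arriving on a session that never stored a provider (expired or fresh session) proceeds into `Configuration::subset([...,null])` and `setProviderURL(null)` instead of failing early; add `if ( empty($providerName) ) throw new \InvalidArgumentException('No OIDC provider selected');` after the `else` branch. The request-supplied name is also written to the session before anything checks that such a provider is configured, so only names that exist under security/oidc/provider should be persisted. The receiver is inconsistent as well: `$this->hasRequestVar("id")` versus `$this->request->getRequestVar(...)`; whether BaseAction exposes `hasRequestVar` is not visible here. `setIssuer` is fed the same `url` value as `setProviderURL`, which only works if the provider's `iss` claim is byte-identical to the configured URL (trailing slash included) — a separate configured issuer key with `url` as fallback would make that explicit. The rest of `oidcView` continues after the hunk.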
@@ -43,7 +43,11 @@ class UI
 // Sending the Content-Security-Policy.
 self::setContentSecurityPolicy();
- if (empty($request->action)) {
+ if ( @$_REQUEST['scope']=='openid' ) {
+ $request->action = 'login';
+ $request->method = 'oidc';
+ }
+ elseif (empty($request->action)) {
 $request->action = 'index';
 $request->method = 'show';
 }
diff --git a/modules/openid_connect/OpenIDConnectClient.class.php b/modules/openid_connect/OpenIDConnectClient.class.php
@@ -1124,7 +1124,8 @@ class OpenIDConnectClient
 curl_setopt($ch, CURLOPT_HEADER, 0);
 // Allows to follow redirect
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ // FIXME not possible in openbasedir-restrictions
+ //curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
 /**
 * Set cert
diff --git a/modules/util/Session.class.php b/modules/util/Session.class.php
@@ -20,6 +20,7 @@ use cms\model\User;
 */
 class Session
 {
+ const KEY_OIDC_PROVIDER = 'oidc_provider';
 const KEY_DBID = 'dbid';
 const KEY_DB = 'database';
 const KEY_USER = 'userObject';
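Review bot: `@$_REQUEST['scope']=='openid'` in the UI hunk bypasses the request abstraction the rest of the file uses, silences the undefined-index notice with `@`, compares loosely, and because it runs before the `empty($request->action)` check it overrides any action/method the request explicitly asked for whenever a `scope=openid` parameter is present (from GET, POST or, depending on `request_order`, cookies). At minimum write it as `if ( isset($_REQUEST['scope']) && $_REQUEST['scope'] === 'openid' && empty($request->action) ) {` so the rewrite only applies to a request that carries no action of its own, and add a comment saying this is the OIDC callback (the provider redirects back with `scope`) so the special case is understandable. If `$request` offers a `getRequestVar`-style accessor here, prefer it over the superglobal; its type is not visible in this hunk. The enclosing method starts before and ends after the hunk.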
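Review bot: In the OpenIDConnectClient hunk, commenting out `CURLOPT_FOLLOWLOCATION` means a 3xx answer from the provider is now returned to the caller as an ordinary response, and nothing in the hunk checks the status code, so a redirect body would be handed to whatever parses the response; after the `curl_exec` call (outside the hunk) add `$status = curl_getinfo($ch, CURLINFO_HTTP_CODE);` and treat `300 <= $status < 400` as an error. Not following redirects is the safer default for token and userinfo requests, since it keeps the client bound to the configured endpoints, so replace the FIXME with a comment that states this is intentional and names the `open_basedir` restriction as the original trigger (whether current PHP versions still enforce it is not established here). The enclosing function starts before and ends after the hunk.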