Merge pull request #14342 from annando/issue-14303

Issue 14303: Fixes %3f problem with OAuth login
2024-11-09 23:42:53 +00:00 · 2024-08-04 16:56:33 +02:00 · 2024-08-04 16:56:33 +02:00 · be7e2e4984
commit be7e2e4984
parent 89084c6b05 efee399397
3 changed files with 9 additions and 5 deletions
--- a/src/Module/OAuth/Acknowledge.php
+++ b/src/Module/OAuth/Acknowledge.php
@ -45,7 +45,7 @@ class Acknowledge extends BaseApi

 	protected function content(array $request = []): string
 	{
-		DI::session()->set('return_path', $_REQUEST['return_path'] ?? '');
+		DI::session()->set('return_path', 'oauth/authorize?' . $request['return_authorize']);

 		$o = Renderer::replaceMacros(Renderer::getMarkupTemplate('oauth_authorize.tpl'), [
 			'$title'     => DI::l10n()->t('Authorize application connection'),
--- a/src/Module/OAuth/Authorize.php
+++ b/src/Module/OAuth/Authorize.php
@ -68,19 +68,19 @@ class Authorize extends BaseApi

 		$redirect_request = $_REQUEST;
 		unset($redirect_request['pagename']);
-		$redirect = 'oauth/authorize?' . http_build_query($redirect_request);
+		$redirect = http_build_query($redirect_request);

 		$uid = DI::userSession()->getLocalUserId();
 		if (empty($uid)) {
 			Logger::info('Redirect to login');
-			DI::app()->redirect('login?return_path=' . urlencode($redirect));
+			DI::app()->redirect('login?' . http_build_query(['return_authorize' => $redirect]));
 		} else {
 			Logger::info('Already logged in user', ['uid' => $uid]);
 		}

 		if (!OAuth::existsTokenForUser($application, $uid) && !DI::session()->get('oauth_acknowledge')) {
 			Logger::info('Redirect to acknowledge');
-			DI::app()->redirect('oauth/acknowledge?' . http_build_query(['return_path' => $redirect, 'application' => $application['name']]));
+			DI::app()->redirect('oauth/acknowledge?' . http_build_query(['return_authorize' => $redirect, 'application' => $application['name']]));
 		}

 		DI::session()->remove('oauth_acknowledge');
--- a/src/Module/Security/Login.php
+++ b/src/Module/Security/Login.php
@ -60,7 +60,11 @@ class Login extends BaseModule

 	protected function content(array $request = []): string
 	{
-		$return_path = $request['return_path'] ?? $this->session->pop('return_path', '') ;
+		if (!empty($request['return_authorize'])) {
+			$return_path = 'oauth/authorize?' . $request['return_authorize'];
+		} else {
+			$return_path = $request['return_path'] ?? $this->session->pop('return_path', '') ;
+		}

 		if ($this->session->getLocalUserId()) {
 			$this->baseUrl->redirect($return_path);