MDL-77382 core: fix error handling in oauth2 callback for auth'd users

Pass the errors back to the calling code when the user is authenticated;
otherwise, fall back on the existing redirection to the login page.
Jake Dallimore 2023-02-23 17:33:41 +08:00
parent 5e1df25566
commit d0789c1a7a


@ -30,25 +30,36 @@
require_once(__DIR__ . '/../config.php');
// The state parameter we've given (used in moodle as a redirect url).
// Per https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1, state is required, even during error responses.
$state = required_param('state', PARAM_LOCALURL);
$redirecturl = new moodle_url($state);
$params = $redirecturl->params();
$error = optional_param('error', '', PARAM_RAW);
if ($error) {
$message = optional_param('error_description', '', PARAM_RAW);
if ($message) {
$SESSION->loginerrormsg = $message;
redirect(new moodle_url(get_login_url()));
} else {
$SESSION->loginerrormsg = $error;
redirect(new moodle_url(get_login_url()));
$message = optional_param('error_description', null, PARAM_RAW);
// Errors can occur for authenticated users, such as when a user denies authorization for some internal service call.
// In such cases, propagate the error to the component redirect URI.
if (isloggedin()) {
if (isset($params['sesskey']) && confirm_sesskey($params['sesskey'])) {
$redirecturl->param('error', $error);
if ($message) {
$redirecturl->param('error_description', $message);
}
redirect($redirecturl);
}
}
// Not logged in or the sesskey verification failed, redirect to login + show errors.
$SESSION->loginerrormsg = $message ?? $error;
redirect(new moodle_url(get_login_url()));
}
// The authorization code generated by the authorization server.
$code = required_param('code', PARAM_RAW);
// The state parameter we've given (used in moodle as a redirect url).
$state = required_param('state', PARAM_LOCALURL);
$redirecturl = new moodle_url($state);
$params = $redirecturl->params();
if (isset($params['sesskey']) and confirm_sesskey($params['sesskey'])) {
$redirecturl->param('oauth2code', $code);