mirror of
https://github.com/moodle/moodle.git
synced 2025-01-18 05:58:34 +01:00
d0789c1a7a
Pass the errors back to the calling code when the user is authenticated, otherwise, fall back on the existing redirection to the login page.
71 lines
2.6 KiB
PHP
71 lines
2.6 KiB
PHP
<?php
|
|
|
|
// This file is part of Moodle - http://moodle.org/
|
|
//
|
|
// Moodle is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// Moodle is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
/**
|
|
* An oauth2 redirection endpoint which can be used for an application:
|
|
* http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-3.1.2
|
|
*
|
|
* This is used because some oauth servers will not allow a redirect urls
|
|
* with get params (like repository callback) and that needs to be called
|
|
* using the state param.
|
|
*
|
|
* @package core
|
|
* @copyright 2012 Dan Poltawski
|
|
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
|
|
*/
|
|
|
|
require_once(__DIR__ . '/../config.php');
|
|
|
|
// The state parameter we've given (used in moodle as a redirect url).
|
|
// Per https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2.1, state is required, even during error responses.
|
|
$state = required_param('state', PARAM_LOCALURL);
|
|
$redirecturl = new moodle_url($state);
|
|
$params = $redirecturl->params();
|
|
|
|
$error = optional_param('error', '', PARAM_RAW);
|
|
|
|
if ($error) {
|
|
$message = optional_param('error_description', null, PARAM_RAW);
|
|
|
|
// Errors can occur for authenticated users, such as when a user denies authorization for some internal service call.
|
|
// In such cases, propagate the error to the component redirect URI.
|
|
if (isloggedin()) {
|
|
if (isset($params['sesskey']) && confirm_sesskey($params['sesskey'])) {
|
|
$redirecturl->param('error', $error);
|
|
if ($message) {
|
|
$redirecturl->param('error_description', $message);
|
|
}
|
|
redirect($redirecturl);
|
|
}
|
|
}
|
|
|
|
// Not logged in or the sesskey verification failed, redirect to login + show errors.
|
|
$SESSION->loginerrormsg = $message ?? $error;
|
|
redirect(new moodle_url(get_login_url()));
|
|
}
|
|
|
|
// The authorization code generated by the authorization server.
|
|
$code = required_param('code', PARAM_RAW);
|
|
|
|
if (isset($params['sesskey']) and confirm_sesskey($params['sesskey'])) {
|
|
$redirecturl->param('oauth2code', $code);
|
|
redirect($redirecturl);
|
|
} else {
|
|
$SESSION->loginerrormsg = get_string('invalidsesskey', 'error');
|
|
redirect(new moodle_url(get_login_url()));
|
|
}
|