prevent using ID4ME routes if ID4ME is disabled
Signed-off-by: Julien Veyssier <[email protected]>
julien-nc committed Feb 23, 2024
1 parent 608f7b4 commit fdb82ea
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions lib/Controller/Id4meController.php
Expand Up @@ -32,6 +32,7 @@
use OCA\UserOIDC\Db\Id4MeMapper;
use OCA\UserOIDC\Db\UserMapper;
use OCA\UserOIDC\Helper\HttpClientHelper;
use OCA\UserOIDC\Service\ID4MeService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\MultipleObjectsReturnedException;
use OCP\AppFramework\Http;
Expand Down Expand Up @@ -88,6 +89,8 @@ class Id4meController extends BaseOidcController {
private $crypto;
/** @var ITimeFactory */
private $timeFactory;
/** @var ID4MeService */
private $id4MeService;

public function __construct(
IRequest $request,
Expand All @@ -103,6 +106,7 @@ public function __construct(
IUserManager $userManager,
HttpClientHelper $clientHelper,
Id4MeMapper $id4MeMapper,
ID4MeService $id4MeService,
LoggerInterface $logger,
ICrypto $crypto
) {
Expand All @@ -121,6 +125,7 @@ public function __construct(
$this->logger = $logger;
$this->crypto = $crypto;
$this->timeFactory = $timeFactory;
$this->id4MeService = $id4MeService;
}

/**
Expand All @@ -129,6 +134,10 @@ public function __construct(
* @UseSession
*/
public function showLogin() {
if (!$this->id4MeService->getID4ME()) {
$message = $this->l10n->t('ID4Me is disabled');
return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
}
Util::addStyle(Application::APP_ID, 'id4me-login');
$response = new Http\TemplateResponse('user_oidc', 'id4me/login', [], 'guest');

Expand All @@ -149,6 +158,10 @@ public function showLogin() {
* @return RedirectResponse|TemplateResponse
*/
public function login(string $domain) {
if (!$this->id4MeService->getID4ME()) {
$message = $this->l10n->t('ID4Me is disabled');
return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
}
try {
$authorityName = $this->id4me->discover($domain);
} catch (InvalidOpenIdDomainException | OpenIdDnsRecordNotFoundException $e) {
Expand Down Expand Up @@ -218,6 +231,10 @@ private function registerClient(string $authorityName, OpenIdConfig $openIdConfi
* @throws \Exception
*/
public function code(string $state = '', string $code = '', string $scope = '') {
if (!$this->id4MeService->getID4ME()) {
$message = $this->l10n->t('ID4Me is disabled');
return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
}
if ($this->session->get(self::STATE) !== $state) {
$this->logger->debug('state does not match');

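Review bot: The same four-line guard is pasted verbatim at the top of showLogin(), login() and code(), so a future change to the message, status or the meaning of getID4ME() has to be made three times and any fourth ID4Me route added later can silently miss it; extracting it into one private helper keeps the fail-closed check in a single place. Placing the guard first in every entry point, ahead of the domain discovery in login() and the state comparison in code(), is the right order, since no DNS lookup or session work happens while the feature is off. The helper below assumes getID4ME() returns a bool and that build403TemplateResponse() returns a TemplateResponse, as the login() docblock suggests; both are defined outside these hunks, and all three method bodies continue past the hunk boundary.
```php
/**
 * Returns the 403 response to send when ID4Me is switched off, or null
 * when the ID4Me routes may proceed. Shared by showLogin(), login() and code().
 */
private function id4MeDisabledResponse(): ?Http\TemplateResponse {
	if ($this->id4MeService->getID4ME()) {
		return null;
	}
	$message = $this->l10n->t('ID4Me is disabled');
	return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
}

public function showLogin() {
	if (($disabled = $this->id4MeDisabledResponse()) !== null) {
		return $disabled;
	}
	// … unchanged: style registration and template response …
```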