From fdb82ea8c2f6d78f2179aa4897768ce8d885cc29 Mon Sep 17 00:00:00 2001
From: Julien Veyssier
Date: Fri, 23 Feb 2024 11:45:00 +0100
Subject: [PATCH] prevent using ID4ME routes if ID4ME is disabled

Signed-off-by: Julien Veyssier
---
 lib/Controller/Id4meController.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/lib/Controller/Id4meController.php b/lib/Controller/Id4meController.php
index dd6dc20c..e50ac4d1 100644
--- a/lib/Controller/Id4meController.php
+++ b/lib/Controller/Id4meController.php
@@ -32,6 +32,7 @@
 use OCA\UserOIDC\Db\Id4MeMapper;
 use OCA\UserOIDC\Db\UserMapper;
 use OCA\UserOIDC\Helper\HttpClientHelper;
+use OCA\UserOIDC\Service\ID4MeService;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\AppFramework\Http;
@@ -88,6 +89,8 @@ class Id4meController extends BaseOidcController {
 private $crypto;
 /** @var ITimeFactory */
 private $timeFactory;
+ /** @var ID4MeService */
+ private $id4MeService;
 
 public function __construct(
 IRequest $request,
@@ -103,6 +106,7 @@ public function __construct(
 IUserManager $userManager,
 HttpClientHelper $clientHelper,
 Id4MeMapper $id4MeMapper,
+ ID4MeService $id4MeService,
 LoggerInterface $logger,
 ICrypto $crypto
 ) {
@@ -121,6 +125,7 @@ public function __construct(
 $this->logger = $logger;
 $this->crypto = $crypto;
 $this->timeFactory = $timeFactory;
+ $this->id4MeService = $id4MeService;
 }
 
 /**
@@ -129,6 +134,10 @@ public function __construct(
 * @UseSession
 */
 public function showLogin() {
+ if (!$this->id4MeService->getID4ME()) {
+ $message = $this->l10n->t('ID4Me is disabled');
+ return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
+ }
 Util::addStyle(Application::APP_ID, 'id4me-login');
 $response = new Http\TemplateResponse('user_oidc', 'id4me/login', [], 'guest');
 
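Review bot: The four-line guard added at the top of showLogin() is pasted verbatim into login() and code() in the next two hunks, so any change to the message, status or response builder has to be made three times and a future ID4Me route can silently miss it. Pulling it into one private helper that returns the 403 response or null reduces each route to a single early return and gives one place to log that a disabled route was requested, which makes such hits visible without enabling the feature; the fence below shows the helper and its use in showLogin(), assuming build403TemplateResponse() returns a TemplateResponse, as its signature is not in the patch. The return type of ID4MeService::getID4ME() is not visible either; if it is not a strict bool, the helper is the one place to normalise the check. The rest of showLogin() after the guard is unchanged, and the code() hunk runs past the end of this excerpt.
```php
	/**
	 * Guard shared by every ID4Me route.
	 *
	 * @return Http\TemplateResponse|null the 403 page when ID4Me is disabled, null when the route may proceed
	 */
	private function id4meDisabledResponse(): ?Http\TemplateResponse {
		if ($this->id4MeService->getID4ME()) {
			return null;
		}
		// Logged so a request to a disabled route is visible in the log.
		$this->logger->debug('ID4Me route requested while ID4Me is disabled');
		$message = $this->l10n->t('ID4Me is disabled');
		return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
	}

	public function showLogin() {
		$denied = $this->id4meDisabledResponse();
		if ($denied !== null) {
			return $denied;
		}
		// … unchanged: style registration and template response …
```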
@@ -149,6 +158,10 @@ public function showLogin() {
 * @return RedirectResponse|TemplateResponse
 */
 public function login(string $domain) {
+ if (!$this->id4MeService->getID4ME()) {
+ $message = $this->l10n->t('ID4Me is disabled');
+ return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
+ }
 try {
 $authorityName = $this->id4me->discover($domain);
 } catch (InvalidOpenIdDomainException | OpenIdDnsRecordNotFoundException $e) {
@@ -218,6 +231,10 @@ private function registerClient(string $authorityName, OpenIdConfig $openIdConfi
 * @throws \Exception
 */
 public function code(string $state = '', string $code = '', string $scope = '') {
+ if (!$this->id4MeService->getID4ME()) {
+ $message = $this->l10n->t('ID4Me is disabled');
+ return $this->build403TemplateResponse($message, Http::STATUS_FORBIDDEN, [], false);
+ }
 if ($this->session->get(self::STATE) !== $state) {
 $this->logger->debug('state does not match');