Fix connector template

venveo · Mar 31, 2021 · d3e9abc · d3e9abc
1 parent bd2890b
commit d3e9abc
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/).
 
+## 2.1.9 - 2021-03-30
+### Added
+- It's now possible to specify a redirect URL in `App::getRedirectUrl`
+
+### Fixed
+- The `renderConnector` no longer uses a form to submit, making it possible to use within forms (e.g. field layout templates)
+
 ## 2.1.8 - 2020-10-27
 ### Fixed
 - Fixed Composer 2 compatibility (#32)

diff --git a/composer.json b/composer.json
@@ -2,7 +2,7 @@
   "name": "venveo/craft-oauthclient",
   "description": "Simple OAuth 2.0 client",
   "type": "craft-plugin",
-  "version": "2.1.8",
+  "version": "2.1.9",
   "keywords": [
     "craft",
     "cms",

diff --git a/src/controllers/AuthorizeController.php b/src/controllers/AuthorizeController.php
@@ -18,6 +18,7 @@
 use venveo\oauthclient\events\AuthorizationEvent;
 use venveo\oauthclient\models\App as AppModel;
 use venveo\oauthclient\Plugin;
+use yii\web\HttpException;
 
 /**
  * @author    Venveo
@@ -49,14 +50,23 @@ public function actionAuthorizeApp($handle): Response
         $code = Craft::$app->request->getParam('code');
         $state = Craft::$app->request->getParam('state');
 
+        $event = new AuthorizationEvent();
+
+        $returnUrl = Craft::$app->request->getQueryParam('returnUrl');
+        if ($returnUrl) {
+            $returnUrl = Craft::$app->security->validateData($returnUrl);
+            if (!$returnUrl) {
+                throw new HttpException(400, 'Security hash not valid');
+            }
+            $event->returnUrl = $returnUrl;
+        }
+
         // If any of those items are set, we'll assume we're getting a callback from the provider
         $callbackMode = false;
         if ($state || $error || $code) {
             $callbackMode = true;
         }
 
-        $event = new AuthorizationEvent();
-
         // We can either have a context in the params or in the session
         $event->context = Craft::$app->request->getParam('context');
         if (Craft::$app->session->get(self::CONTEXT_SESSION_KEY)) {
@@ -93,7 +103,7 @@ public function actionAuthorizeApp($handle): Response
         $app = Plugin::$plugin->apps->getAppByHandle($event->appHandle);
         if (!$app instanceof AppModel) {
             Craft::$app->response->setStatusCode(404, 'App handle does not exist');
-            return null;
+            return Craft::$app->response;
         }
 
         $this->requirePermission('oauthclient-login:' . $app->uid);

diff --git a/src/models/App.php b/src/models/App.php
@@ -7,6 +7,7 @@
 use craft\elements\User;
 use craft\helpers\Template;
 use craft\helpers\UrlHelper;
+use craft\services\Security;
 use craft\validators\UniqueValidator;
 use Exception;
 use Twig\Error\LoaderError;
@@ -19,6 +20,7 @@
 use venveo\oauthclient\records\Token as TokenRecord;
 use yii\base\InvalidConfigException;
 use yii\db\ActiveQuery;
+use yii\web\HttpException;
 
 /**
  * Class App
@@ -119,12 +121,14 @@ public function getCpEditUrl(): string
      * Get the URL callback URL
      *
      * @param null|string $context A context that will be passed to the controller to help tag events for handling.
+     * @param null $returnUrl
      * @return string
      */
-    public function getRedirectUrl($context = null): string
+    public function getRedirectUrl($context = null, $returnUrl = null): string
     {
         return UrlHelper::cpUrl('oauth/authorize/' . $this->handle, [
-            'context' => $context
+            'context' => $context,
+            'returnUrl' => isset($returnUrl) ? Craft::$app->security->hashData(UrlHelper::url($returnUrl)) : null
         ]);
     }
 

diff --git a/src/templates/_connector/connector.twig b/src/templates/_connector/connector.twig
@@ -7,11 +7,7 @@
             <h4>Token Last Updated on {{ token.dateCreated|datetime('short') }}</h4>
         {% else %}
             <h3>Connect to {{ app.name }}</h3>
-            <form method="post" action="{{ app.getRedirectUrl(context) }}">
-                {{ csrfInput() }}
-                {{ redirectInput(craft.app.request.url) }}
-                <button type="submit" class="btn formsubmit">Connect</button>
-            </form>
+                <a href="{{ app.getRedirectUrl(context, craft.app.request.url) }}" type="submit" class="btn formsubmit">Connect</a>
         {% endif %}
     {% endif %}
 </div>