From d3e9abc43392ef3421d640e84d7539cc3a5d36f0 Mon Sep 17 00:00:00 2001 From: Ransom Date: Tue, 30 Mar 2021 20:40:47 -0400 Subject: [PATCH] Fix connector template --- CHANGELOG.md | 7 +++++++ composer.json | 2 +- src/controllers/AuthorizeController.php | 16 +++++++++++++--- src/models/App.php | 8 ++++++-- src/templates/_connector/connector.twig | 6 +----- 5 files changed, 28 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 75ddb7e..4102fdd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/) and this project adheres to [Semantic Versioning](http://semver.org/). +## 2.1.9 - 2021-03-30 +### Added +- It's now possible to specify a redirect URL in `App::getRedirectUrl` + +### Fixed +- The `renderConnector` no longer uses a form to submit, making it possible to use within forms (e.g. field layout templates) + ## 2.1.8 - 2020-10-27 ### Fixed - Fixed Composer 2 compatibility (#32) diff --git a/composer.json b/composer.json index 3a4f61d..ae82dd2 100644 --- a/composer.json +++ b/composer.json @@ -2,7 +2,7 @@ "name": "venveo/craft-oauthclient", "description": "Simple OAuth 2.0 client", "type": "craft-plugin", - "version": "2.1.8", + "version": "2.1.9", "keywords": [ "craft", "cms", diff --git a/src/controllers/AuthorizeController.php b/src/controllers/AuthorizeController.php index 1d3a6df..c2a6082 100644 --- a/src/controllers/AuthorizeController.php +++ b/src/controllers/AuthorizeController.php @@ -18,6 +18,7 @@ use venveo\oauthclient\events\AuthorizationEvent; use venveo\oauthclient\models\App as AppModel; use venveo\oauthclient\Plugin; +use yii\web\HttpException; /** * @author Venveo @@ -49,14 +50,23 @@ public function actionAuthorizeApp($handle): Response $code = Craft::$app->request->getParam('code'); $state = Craft::$app->request->getParam('state'); + $event = new AuthorizationEvent(); + + $returnUrl = Craft::$app->request->getQueryParam('returnUrl'); + if ($returnUrl) { + $returnUrl = Craft::$app->security->validateData($returnUrl); + if (!$returnUrl) { + throw new HttpException(400, 'Security hash not valid'); + } + $event->returnUrl = $returnUrl; + } + // If any of those items are set, we'll assume we're getting a callback from the provider $callbackMode = false; if ($state || $error || $code) { $callbackMode = true; } - $event = new AuthorizationEvent(); - // We can either have a context in the params or in the session $event->context = Craft::$app->request->getParam('context'); if (Craft::$app->session->get(self::CONTEXT_SESSION_KEY)) { @@ -93,7 +103,7 @@ public function actionAuthorizeApp($handle): Response $app = Plugin::$plugin->apps->getAppByHandle($event->appHandle); if (!$app instanceof AppModel) { Craft::$app->response->setStatusCode(404, 'App handle does not exist'); - return null; + return Craft::$app->response; } $this->requirePermission('oauthclient-login:' . $app->uid); diff --git a/src/models/App.php b/src/models/App.php index 891519b..879fb79 100644 --- a/src/models/App.php +++ b/src/models/App.php @@ -7,6 +7,7 @@ use craft\elements\User; use craft\helpers\Template; use craft\helpers\UrlHelper; +use craft\services\Security; use craft\validators\UniqueValidator; use Exception; use Twig\Error\LoaderError; @@ -19,6 +20,7 @@ use venveo\oauthclient\records\Token as TokenRecord; use yii\base\InvalidConfigException; use yii\db\ActiveQuery; +use yii\web\HttpException; /** * Class App @@ -119,12 +121,14 @@ public function getCpEditUrl(): string * Get the URL callback URL * * @param null|string $context A context that will be passed to the controller to help tag events for handling. + * @param null $returnUrl * @return string */ - public function getRedirectUrl($context = null): string + public function getRedirectUrl($context = null, $returnUrl = null): string { return UrlHelper::cpUrl('oauth/authorize/' . $this->handle, [ - 'context' => $context + 'context' => $context, + 'returnUrl' => isset($returnUrl) ? Craft::$app->security->hashData(UrlHelper::url($returnUrl)) : null ]); } diff --git a/src/templates/_connector/connector.twig b/src/templates/_connector/connector.twig index 7d7780f..8c16850 100644 --- a/src/templates/_connector/connector.twig +++ b/src/templates/_connector/connector.twig @@ -7,11 +7,7 @@

Token Last Updated on {{ token.dateCreated|datetime('short') }}

{% else %}

Connect to {{ app.name }}

-
- {{ csrfInput() }} - {{ redirectInput(craft.app.request.url) }} - -
+ Connect {% endif %} {% endif %} \ No newline at end of file