diff --git a/extend.php b/extend.php index cebf87a..2d24d6b 100644 --- a/extend.php +++ b/extend.php @@ -35,5 +35,10 @@ return [ ->patch('/oauth-clients/{id}', 'oauth.clients.update', Api\Controller\UpdateClientController::class) ->delete('/oauth-clients/{id}', 'oauth.clients.delete', Api\Controller\DeleteClientController::class), + (new Extend\Settings) + ->serializeToForum('foskym-oauth-center.allow_implicit', 'foskym-oauth-center.allow_implicit', 'boolval') + ->serializeToForum('foskym-oauth-center.enforce_state', 'foskym-oauth-center.enforce_state', 'boolval') + ->serializeToForum('foskym-oauth-center.require_exact_redirect_uri', 'foskym-oauth-center.require_exact_redirect_uri', 'boolval'), + (new Extend\Middleware('api'))->add(ResourceScopeMiddleware::class), ]; diff --git a/js/dist/forum.js b/js/dist/forum.js index 7564cab..2422d75 100644 Binary files a/js/dist/forum.js and b/js/dist/forum.js differ diff --git a/js/dist/forum.js.map b/js/dist/forum.js.map index cef956e..40b9e1e 100644 Binary files a/js/dist/forum.js.map and b/js/dist/forum.js.map differ diff --git a/js/src/forum/components/oauth/AuthorizePage.js b/js/src/forum/components/oauth/AuthorizePage.js index 467eeb8..10ac76b 100644 --- a/js/src/forum/components/oauth/AuthorizePage.js +++ b/js/src/forum/components/oauth/AuthorizePage.js 
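Review bot: The three flags added with `serializeToForum(..., 'boolval')` evaluate to `false` whenever the setting has never been saved, so `enforce_state` and `require_exact_redirect_uri` are off on a fresh install unless defaults are registered somewhere outside this hunk. If that is not intended, register defaults on the same extender, for example `->default('foskym-oauth-center.enforce_state', true)` and `->default('foskym-oauth-center.require_exact_redirect_uri', true)`. The serialized values only inform the frontend; the authorization endpoint should read the same settings server-side rather than depend on the forum attribute being honoured by the browser.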
@@ -21,8 +21,22 @@ export default class AuthorizePage extends IndexPage { } else { this.params = params; app.store.find('oauth-clients', params.client_id).then(client => { - this.client = client; - console.log(client); + if (client.length === 0) { + m.route.set('/'); + } else { + this.client = client[0]; + const uris = client.redirect_uri.split(' '); + console.log(uris); + if (app.forum.attribute('foskym-oauth-center.require_exact_redirect_uri') && uris.indexOf(params.redirect_uri) == -1) { + m.route.set('/'); + } + if (app.forum.attribute('foskym-oauth-center.allow_implicit') && params.response_type == 'token') { + m.route.set('/'); + } + if (app.forum.attribute('foskym-oauth-center.enforce_state') && params.enforce_state == null) { + m.route.set('/'); + } + } }); } } @@ -32,6 +46,11 @@ export default class AuthorizePage extends IndexPage { app.setTitleCount(0); } view() { + if (!this.client) { + return ''; + } + app.setTitle(extractText(app.translator.trans('foskym-oauth-center.forum.page.title.authorize') + ' ' + this.client.client_name)); + app.setTitleCount(0); return (
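Review bot: Three of the added checks in the `.then(client => …)` callback do not match their setting names. `client.redirect_uri.split(' ')` reads from the result array instead of `client[0]` and will throw. The `allow_implicit` test rejects `response_type=token` when implicit is allowed rather than when it is not. The `enforce_state` test looks at `params.enforce_state`, where the OAuth parameter is `state`. The leftover `console.log(uris)` should be removed, and because `m.route.set('/')` does not return, the later checks still run after a rejection. The sketch below keeps the property-style access used for `this.client.client_name` in the next hunk, which I have not confirmed against the model definition. These are browser-side checks only, so the authorization endpoint (not in this diff) still has to validate redirect URI, response type and state itself; the enclosing method starts outside the hunk.

```javascript
// … unchanged: client.length === 0 guard …
this.client = client[0];
const setting = (key) => app.forum.attribute('foskym-oauth-center.' + key);
const uris = this.client.redirect_uri.split(' ');
const rejected =
  (setting('require_exact_redirect_uri') && !uris.includes(params.redirect_uri)) ||
  (!setting('allow_implicit') && params.response_type === 'token') ||
  (setting('enforce_state') && !params.state);
if (rejected) {
  m.route.set('/');
}
```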
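Review bot: `app.setTitle(...)` and `app.setTitleCount(0)` are now called inside `view()`, which the framework runs on every redraw, so the document title is rewritten each time the page re-renders. Setting the title once at the point where `this.client` is assigned in the `.then` callback keeps `view()` free of side effects; the `if (!this.client) { return ''; }` guard can stay as it is. The hunk ends inside the `return (` expression, so the rest of `view()` is not visible here.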
diff --git a/src/Api/Controller/ShowClientController.php b/src/Api/Controller/ShowClientController.php index 2b662d7..5a64375 100644 --- a/src/Api/Controller/ShowClientController.php +++ b/src/Api/Controller/ShowClientController.php @@ -8,21 +8,17 @@ use Illuminate\Support\Arr; use Psr\Http\Message\ServerRequestInterface; use Tobscure\JsonApi\Document; use FoskyM\OAuthCenter\Models\Client; -use FoskyM\OAuthCenter\Api\Serializer\ClientSerializer; +use FoskyM\OAuthCenter\Api\Serializer\ClientPublicSerializer; class ShowClientController extends AbstractListController { - public $serializer = ClientSerializer::class; + public $serializer = ClientPublicSerializer::class; protected function data(ServerRequestInterface $request, Document $document) { $client_id = Arr::get($request->getQueryParams(), 'client_id'); RequestUtil::getActor($request)->assertRegistered(); - $client = Client::whereOrFail('client_id', $client_id); - - if (isset($client->client_secret)) { - $client->client_secret = ''; - } + $client = Client::where('client_id', $client_id)->get(); return $client; diff --git a/src/Api/Serializer/ClientPublicSerializer.php b/src/Api/Serializer/ClientPublicSerializer.php new file mode 100644 index 0000000..660fd63 --- /dev/null +++ b/src/Api/Serializer/ClientPublicSerializer.php @@ -0,0 +1,35 @@ + $model->id, + "client_id" => $model->client_id, + "redirect_uri" => $model->redirect_uri, + "grant_types" => $model->grant_types, + "scope" => $model->scope, + "client_name" => $model->client_name, + "client_icon" => $model->client_icon, + "client_desc" => $model->client_desc, + "client_home" => $model->client_home + ]; + } +}
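Review bot: `$client_id` goes from `Arr::get($request->getQueryParams(), 'client_id')` straight into `Client::where('client_id', $client_id)->get()` without a check that it is a non-empty string, so a missing parameter becomes a `client_id IS NULL` lookup and an array-valued parameter reaches the query builder. A guard before the query, `if (!is_string($client_id) || $client_id === '') { return []; }`, keeps the lookup to one well-formed identifier, assuming an empty array is acceptable to the list controller here. A short comment above `public $serializer` stating that this endpoint is readable by any registered user and must stay on `ClientPublicSerializer` would protect the secret-stripping this change now relies on. The closing brace of `data()` is outside the hunk.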
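Review bot: The attribute list in `ClientPublicSerializer` exposes `redirect_uri`, `grant_types` and `scope` to every registered user through `ShowClientController`, while the only consumer visible in this diff, `AuthorizePage.js`, reads `redirect_uri` and `client_name`. If the consent page does not need `grant_types`, dropping it from this allowlist narrows what a logged-in user can enumerate about a client. A class docblock saying that this serializer is the public view of a client and that `client_secret` must never be added to it would make the intent explicit. Most of the file body is missing from this page, so such a comment may already exist.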