
Fix #9 Google callback with parameters (#20)

* Fix for google callback with parameters

* Fix lint

* fix lint
Kevin HAINRY 4 years ago
parent
commit
c79c0dd4d6
4 changed files with 20 additions and 8 deletions
  1. 2 0
      front/callback.php
  2. 1 1
      hook.php
  3. 12 4
      inc/provider.class.php
  4. 5 3
      inc/toolbox.class.php

+ 2 - 0
front/callback.php

@@ -60,6 +60,8 @@ if ($user_id || $signon_provider->login()) {
 
    if (isset($params['redirect'])) {
       $REDIRECT = '?redirect=' . $params['redirect'];
+   } else if (isset($_GET['state']) && is_integer(strpos($_GET['state'], "&redirect="))) {
+      $REDIRECT = '?' . substr($_GET['state'], strpos($_GET['state'], "&redirect=") + 1);
    }
 
    if ($_SESSION["glpiactiveprofile"]["interface"] == "helpdesk") {
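Review bot: The redirect target pulled out of `$_GET['state']` on the second added line is appended to `$REDIRECT` with no check that it is a local path, and it originates from the `redirect` request parameter that any link to the login page can set (see hook.php), so unless the code that consumes `$REDIRECT` outside this hunk rejects absolute URLs, a crafted login link becomes an open redirect after a successful Google sign-in. A minimal guard is to extract the target first, `$target = substr($_GET['state'], strpos($_GET['state'], '&redirect=') + 10);`, then `if (parse_url($target, PHP_URL_SCHEME) !== null || parse_url($target, PHP_URL_HOST) !== null) { $target = ''; }`, and only then build `$REDIRECT = '?redirect=' . $target;`. The condition should also confirm `is_string($_GET['state'])` before calling `strpos`, since a `state[]=` query makes it an array, and `is_integer(strpos(...))` is the unidiomatic spelling of `strpos(...) !== false` (`elseif` rather than `else if` is the PSR form). The enclosing `if` block starts outside the hunk.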

+ 1 - 1
hook.php

@@ -20,7 +20,7 @@ function plugin_singlesignon_display_login() {
          $query['redirect'] = $_REQUEST['redirect'];
       }
 
-      $url = PluginSinglesignonToolbox::getCallbackUrl($row['id'], $query);
+      $url = PluginSinglesignonToolbox::getCallbackUrl($row, $query);
       $html[] = PluginSinglesignonToolbox::renderButton($url, $row);
    }
 

+ 12 - 4
inc/provider.class.php

@@ -873,11 +873,14 @@ class PluginSinglesignonProvider extends CommonDBTM {
       }
 
       if (!isset($_GET['code'])) {
-
+         $state = Session::getNewCSRFToken();
+         if (isset($_SESSION['redirect'])) {
+            $state .= "&redirect=" . $_SESSION['redirect'];
+         }
          $params = [
             'client_id' => $this->getClientId(),
             'scope' => $this->getScope(),
-            'state' => Session::getNewCSRFToken(),
+            'state' => $state,
             'response_type' => 'code',
             'approval_prompt' => 'auto',
             'redirect_uri' => $this->getCurrentURL(),
@@ -894,9 +897,14 @@ class PluginSinglesignonProvider extends CommonDBTM {
          exit;
       }
 
+      if (isset($_GET['state']) && is_integer(strpos($_GET['state'], "&redirect="))) {
+         $pos_redirect  = strpos($_GET['state'], "&redirect=");
+         $state         = substr($_GET['state'], 0, $pos_redirect);
+         $_GET['state'] = substr($_GET['state'], $pos_redirect);
+      } else {
+         $state = isset($_GET['state']) ? $_GET['state'] : '';
+      }
       // Check given state against previously stored one to mitigate CSRF attack
-      $state = isset($_GET['state']) ? $_GET['state'] : '';
-
       Session::checkCSRF([
          '_glpi_csrf_token' => $state,
       ]);
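Review bot: The `&redirect=` suffix smuggled inside the OAuth `state` value (built at lines 58-61 of the first hunk, split apart at lines 74-80 here) duplicates what `$_SESSION['redirect']` already holds, so the callback could read the target from the session and `state` could stay the opaque CSRF token it was before; that would also drop the rewrite of `$_GET['state']` to a string beginning with `&redirect=` that front/callback.php then has to reparse. If the round trip is kept because the session is not usable at callback time (not visible here), the session key is still never cleared, so a `redirect` captured when the login page was rendered stays attached to every later authorization request in that session; `unset($_SESSION['redirect']);` once it has been appended on line 60 would fix that. Style: `is_integer(strpos(...))` on line 74 should be `strpos(...) !== false`, and `$_GET['state']` should be checked with `is_string` before reaching `strpos`, since a `state[]=` query turns it into an array. The enclosing method starts and ends outside the hunk.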

+ 5 - 3
inc/toolbox.class.php

@@ -9,15 +9,17 @@ class PluginSinglesignonToolbox {
     * @param array $query
     * @return string
     */
-   public static function getCallbackUrl($id, $query = []) {
+   public static function getCallbackUrl($row, $query = []) {
       global $CFG_GLPI;
 
       $url = $CFG_GLPI['root_doc'] . '/plugins/singlesignon/front/callback.php';
 
-      $url .= "/provider/$id";
+      $url .= "/provider/".$row['id'];
 
-      if (!empty($query)) {
+      if (!empty($query) && $row['type'] != 'google') {
          $url .= "/q/" . base64_encode(http_build_query($query));
+      } else if (!empty($query) && $row['type'] == 'google') {
+         $_SESSION['redirect'] = $query['redirect'];
       }
 
       return $url;
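Review bot: `$_SESSION['redirect'] = $query['redirect'];` on the new line 108 runs whenever `$query` is non-empty for a google row, but a non-empty `$query` does not guarantee a `redirect` key (hook.php only adds it when `$_REQUEST['redirect']` is set), so the branch can raise an undefined-index notice and persist `null`; the condition should be `} elseif (isset($query['redirect']) && $row['type'] === 'google') {`, which also replaces the loose `!=`/`==` on lines 105 and 107. The value stored is the raw `redirect` request parameter, and this is the cheapest place to reject anything that is not a relative path before it is persisted and later echoed back by the callback. Writing to `$_SESSION` from a function named `getCallbackUrl` is a side effect callers will not expect; either move the write to the caller or add a comment explaining why google providers cannot use the `/q/` segment, which neither the code nor the commit message states. The docblock above the hunk presumably still documents `$id` and should now describe `$row` as an array carrying `id` and `type`.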