extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-22 14:41:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

move SiteSite cookie check into constructor to not affect static methods / email not using OAuth/OIC

Browse Source
This commit is contained in:
ralf 2024-01-08 12:51:07 +02:00
parent 9844a78b34
commit b6b6492139
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/src/Auth/OpenIDConnectClient.php
View File

@ -15,11 +15,6 @@ namespace EGroupware\Api\Auth;
use EGroupware\Api;
use Jumbojett\OpenIDConnectClientException;
if (!empty($GLOBALS['egw_info']['server']['cookie_samesite_attribute']) && $GLOBALS['egw_info']['server']['cookie_samesite_attribute'] === 'Strict')
{
throw new Api\Exception("OAuth/OpenIDConnect requires SameSite cookie attribute other then 'Strict' set in Admin > Site configuration > Security > Cookies!");
}
/**
* Extended OpenIDConnect client allowing to authenticate via some kind of promise, see authenticateThen method.
*
@ -71,6 +66,11 @@ class OpenIDConnectClient extends \Jumbojett\OpenIDConnectClient
public function __construct($provider_url = null, $client_id = null, $client_secret = null, $issuer = null)
{
if (!empty($GLOBALS['egw_info']['server']['cookie_samesite_attribute']) && $GLOBALS['egw_info']['server']['cookie_samesite_attribute'] === 'Strict')
{
throw new Api\Exception("OAuth/OpenIDConnect requires SameSite cookie attribute other then 'Strict' set in Admin > Site configuration > Security > Cookies!");
}
parent::__construct($provider_url, $client_id, $client_secret, $issuer);
// set https://proxy.egroupware.org/oauth as redirect URL, which redirects to host and path given in nonce parameter plus /api/oauth.php