From 0b9253b79fc15754d6a0f6e2890aa6a33bc813af Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Tue, 20 Feb 2024 14:32:49 +0300 Subject: [PATCH 01/22] feat(oauth2): simple userinfo endpoint Signed-off-by: d.kudrinskiy --- apps/oauth2/appinfo/routes.php | 5 +++++ .../lib/Controller/OauthApiController.php | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/apps/oauth2/appinfo/routes.php b/apps/oauth2/appinfo/routes.php index 4ba398e13431f..86d39b6a3beae 100644 --- a/apps/oauth2/appinfo/routes.php +++ b/apps/oauth2/appinfo/routes.php @@ -43,5 +43,10 @@ 'url' => '/api/v1/token', 'verb' => 'POST' ], + [ + 'name' => 'OauthApi#getUserInfo', + 'url' => '/api/v1/userinfo', + 'verb' => 'GET' + ], ], ]; diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 46b68b1d5859a..5c4b0d15140cd 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -45,6 +45,7 @@ use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; use Psr\Log\LoggerInterface; +use OCP\IUserSession; class OauthApiController extends Controller { // the authorization code expires after 10 minutes @@ -62,6 +63,7 @@ public function __construct( private LoggerInterface $logger, private IThrottler $throttler, private ITimeFactory $timeFactory, + private IUserSession $userSession, ) { parent::__construct($appName, $request); } @@ -226,4 +228,21 @@ public function getToken( ] ); } + + /** + * @PublicPage + * @NoCSRFRequired + * + * @return JSONResponse + */ + public function getUserInfo() { + $user = $this->userSession->getUser(); + $displayname = explode(' ', $user->getDisplayName()); + return new JSONResponse([ + 'sub' => $user->getUID(), + 'given_name' => $displayname[0], + 'family_name' => $displayname[1] ? $displayname[1] : $displayname[0], + 'email' => $user->getEMailAddress() + ]); + } } From bbbfe4285af35ddc13904eedeb062e750098204b Mon Sep 17 00:00:00 2001 
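Review bot: `getUserInfo()` is annotated `@PublicPage` and `@NoCSRFRequired` and takes its subject from `$this->userSession->getUser()`, so nothing in the added method ties the response to an OAuth2 access token or to the client it was issued to. As written, any request that the session layer resolves to a user receives `sub`, the name claims and `email`; whether a browser cookie session qualifies is not visible in this hunk and should be confirmed. The handler should accept only bearer-token-authenticated requests and the docblock should say so, e.g. `* Returns claims for the user bound to the presented OAuth2 access token; any other authentication is rejected.` In this first patch `$user` is also dereferenced without a null check (`$user->getDisplayName()`), which a public page must expect; the guard only arrives in the next patch of the series.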
From: "d.kudrinskiy" Date: Wed, 21 Feb 2024 23:39:00 +0300 Subject: [PATCH 02/22] feat(oauth2): fix check null value, added more user_info field Signed-off-by: d.kudrinskiy --- .../lib/Controller/OauthApiController.php | 25 +++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 5c4b0d15140cd..934b1959e9193 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -237,12 +237,23 @@ public function getToken( */ public function getUserInfo() { $user = $this->userSession->getUser(); - $displayname = explode(' ', $user->getDisplayName()); - return new JSONResponse([ - 'sub' => $user->getUID(), - 'given_name' => $displayname[0], - 'family_name' => $displayname[1] ? $displayname[1] : $displayname[0], - 'email' => $user->getEMailAddress() - ]); + if ($user) { + $displayName = $user->getDisplayName(); + $partedName = explode(' ', $displayName); + $userId = $user->getUID(); + $response = new JSONResponse([ + 'sub' => $userId, + 'name' => $displayName, + 'given_name' => $partedName[0], + 'family_name' => $partedName[1] ?? $partedName[0], + 'email' => $user->getEMailAddress(), + 'picture' => \OC::$server->getURLGenerator()->getAbsoluteURL("index.php/avatar/$userId/512"), + ]); + }else{ + $response = new JSONResponse([ + 'error' => 'user_not_found', + ], Http::STATUS_NOT_FOUND); + } + return $response; } } From 21a1825e3fd8711cf024bb6198ab9b6d6520cce8 Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Wed, 21 Feb 2024 23:40:06 +0300 Subject: [PATCH 03/22] feat(oauth2): fix lint Signed-off-by: d.kudrinskiy --- apps/oauth2/lib/Controller/OauthApiController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 934b1959e9193..d9b71206c1c99 100644 
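Review bot: The unauthenticated branch answers `Http::STATUS_NOT_FOUND` with `user_not_found`, which tells a relying party that the resource is missing rather than that its credentials were rejected. For a UserInfo endpoint the bearer-token convention (RFC 6750) is a 401 with a `WWW-Authenticate: Bearer` challenge, so I would change the status to `Http::STATUS_UNAUTHORIZED` and the error code to `invalid_token`. Separately, `'family_name' => $partedName[1] ?? $partedName[0]` reports the given name as the family name for single-word display names; omitting the claim in that case would be more accurate than repeating it.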
--- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -41,11 +41,11 @@ use OCP\Authentication\Exceptions\InvalidTokenException; use OCP\DB\Exception; use OCP\IRequest; +use OCP\IUserSession; use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; use Psr\Log\LoggerInterface; -use OCP\IUserSession; class OauthApiController extends Controller { // the authorization code expires after 10 minutes From fb8b06126d77d5666d8d5968422d5673c34e6d3d Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Thu, 22 Feb 2024 22:38:21 +0300 Subject: [PATCH 04/22] feat(oauth2): fix deprecated method Signed-off-by: d.kudrinskiy --- apps/oauth2/lib/Controller/OauthApiController.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index d9b71206c1c99..9720faeef2824 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -42,6 +42,7 @@ use OCP\DB\Exception; use OCP\IRequest; use OCP\IUserSession; +use OCP\IURLGenerator; use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; @@ -64,6 +65,7 @@ public function __construct( private IThrottler $throttler, private ITimeFactory $timeFactory, private IUserSession $userSession, + private IURLGenerator $urlGenerator, ) { parent::__construct($appName, $request); } @@ -247,7 +249,7 @@ public function getUserInfo() { 'given_name' => $partedName[0], 'family_name' => $partedName[1] ?? $partedName[0], 'email' => $user->getEMailAddress(), - 'picture' => \OC::$server->getURLGenerator()->getAbsoluteURL("index.php/avatar/$userId/512"), + 'picture' => $this->urlGenerator->getAbsoluteURL("index.php/avatar/$userId/512"), ]); }else{ $response = new JSONResponse([ From 4a645fc595c54390026adeb3df9432818d0b32e2 Mon Sep 17 00:00:00 2001 
From: Danila <57199291+hardviper@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:28:42 +0300 Subject: [PATCH 05/22] Update apps/oauth2/lib/Controller/OauthApiController.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/lib/Controller/OauthApiController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 9720faeef2824..3221eb5653e72 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -237,7 +237,7 @@ public function getToken( * * @return JSONResponse */ - public function getUserInfo() { + public function getUserInfo(): JSONResponse { $user = $this->userSession->getUser(); if ($user) { $displayName = $user->getDisplayName(); From fecc3eff24308046501fee27b274b8df169525e9 Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:28:54 +0300 Subject: [PATCH 06/22] Update apps/oauth2/lib/Controller/OauthApiController.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/lib/Controller/OauthApiController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 3221eb5653e72..b29ab8112d34a 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -251,7 +251,7 @@ public function getUserInfo(): JSONResponse { 'email' => $user->getEMailAddress(), 'picture' => $this->urlGenerator->getAbsoluteURL("index.php/avatar/$userId/512"), ]); - }else{ + } else { $response = new JSONResponse([ 'error' => 'user_not_found', ], Http::STATUS_NOT_FOUND); From a54d0cd293168ba0e8179af0f1a43dc78abde3e2 Mon Sep 17 00:00:00 2001 
From: Danila <57199291+hardviper@users.noreply.github.com> Date: Mon, 26 Feb 2024 12:54:16 +0300 Subject: [PATCH 07/22] Update apps/oauth2/lib/Controller/OauthApiController.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/lib/Controller/OauthApiController.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index b29ab8112d34a..d88688aa43c22 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -239,7 +239,10 @@ public function getToken( */ public function getUserInfo(): JSONResponse { $user = $this->userSession->getUser(); - if ($user) { + if ($user === null) { + return new JSONResponse([ + 'error' => 'user_not_found', + ], Http::STATUS_NOT_FOUND); $displayName = $user->getDisplayName(); $partedName = explode(' ', $displayName); $userId = $user->getUID(); From c6efbeebaf538d2046b263b95a81971ddaa06eff Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Mon, 26 Feb 2024 12:56:09 +0300 Subject: [PATCH 08/22] feat(oauth2): user not found exception Signed-off-by: d.kudrinskiy --- apps/oauth2/lib/Controller/OauthApiController.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index d88688aa43c22..b450564acdc7b 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -243,6 +243,7 @@ public function getUserInfo(): JSONResponse { return new JSONResponse([ 'error' => 'user_not_found', ], Http::STATUS_NOT_FOUND); + } else { $displayName = $user->getDisplayName(); $partedName = explode(' ', $displayName); $userId = $user->getUID(); 
@@ -254,10 +255,6 @@ public function getUserInfo(): JSONResponse { 'email' => $user->getEMailAddress(), 'picture' => $this->urlGenerator->getAbsoluteURL("index.php/avatar/$userId/512"), ]); - } else { - $response = new JSONResponse([ - 'error' => 'user_not_found', - ], Http::STATUS_NOT_FOUND); } return $response; } From 3407a9207e1f8776d7a6b1aa15779e482255bee8 Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Mon, 26 Feb 2024 13:03:31 +0300 Subject: [PATCH 09/22] feat(oauth2): replace getAvatar with a named route Signed-off-by: d.kudrinskiy --- apps/oauth2/lib/Controller/OauthApiController.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index b450564acdc7b..54b453f1041cc 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -253,7 +253,10 @@ public function getUserInfo(): JSONResponse { 'given_name' => $partedName[0], 'family_name' => $partedName[1] ?? $partedName[0], 'email' => $user->getEMailAddress(), - 'picture' => $this->urlGenerator->getAbsoluteURL("index.php/avatar/$userId/512"), + 'picture' => $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ + 'userId' => $userId, + 'size' => 512 + ]) ]); } return $response; From 6405b2764f4b9c6a4a5974d45f1750f001a4e02f Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Mon, 26 Feb 2024 14:31:37 +0300 Subject: [PATCH 10/22] feat(oauth2): parted name for ru locale Signed-off-by: d.kudrinskiy --- .../oauth2/lib/Controller/OauthApiController.php | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 54b453f1041cc..58802e4dc2ce8 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php 
@@ -43,6 +43,7 @@ use OCP\IRequest; use OCP\IUserSession; use OCP\IURLGenerator; +use OCP\L10N\IFactory; use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; @@ -66,6 +67,7 @@ public function __construct( private ITimeFactory $timeFactory, private IUserSession $userSession, private IURLGenerator $urlGenerator, + private IFactory $l10nFactory, ) { parent::__construct($appName, $request); } @@ -247,17 +249,23 @@ public function getUserInfo(): JSONResponse { $displayName = $user->getDisplayName(); $partedName = explode(' ', $displayName); $userId = $user->getUID(); - $response = new JSONResponse([ + $locale = $this->l10nFactory->findLocale(); + + $userInfo = [ 'sub' => $userId, 'name' => $displayName, - 'given_name' => $partedName[0], - 'family_name' => $partedName[1] ?? $partedName[0], 'email' => $user->getEMailAddress(), 'picture' => $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ 'userId' => $userId, 'size' => 512 ]) - ]); + ]; + + if ($locale === 'ru') { + $userInfo['given_name'] = $partedName[0]; + $userInfo['family_name'] = $partedName[1] ?? $partedName[0]; + } + $response = new JSONResponse($userInfo); } return $response; } From d6e0ddff300b1771f568c9de095ed57bfefdd81f Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Mon, 26 Feb 2024 15:29:54 +0300 Subject: [PATCH 11/22] feat(oauth2): fix avatar absolute url Signed-off-by: d.kudrinskiy --- apps/oauth2/lib/Controller/OauthApiController.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 58802e4dc2ce8..03136313ce5ce 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php 
@@ -255,10 +255,11 @@ public function getUserInfo(): JSONResponse { 'sub' => $userId, 'name' => $displayName, 'email' => $user->getEMailAddress(), - 'picture' => $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ - 'userId' => $userId, - 'size' => 512 - ]) + 'picture' => $this->urlGenerator->getAbsoluteURL( + $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ + 'userId' => $userId, + 'size' => 512 + ])) ]; if ($locale === 'ru') { From 1ee8a1aaf6fcb0843b09e3931fcc1efb22c6f3bc Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Wed, 28 Feb 2024 15:49:08 +0300 Subject: [PATCH 12/22] feat(oauth2): fix early return Signed-off-by: d.kudrinskiy --- .../lib/Controller/OauthApiController.php | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 03136313ce5ce..2f08b1945c969 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php 
@@ -242,32 +242,31 @@ public function getToken( public function getUserInfo(): JSONResponse { $user = $this->userSession->getUser(); if ($user === null) { - return new JSONResponse([ + return new JSONResponse([ 'error' => 'user_not_found', ], Http::STATUS_NOT_FOUND); - } else { - $displayName = $user->getDisplayName(); - $partedName = explode(' ', $displayName); - $userId = $user->getUID(); - $locale = $this->l10nFactory->findLocale(); + } + $displayName = $user->getDisplayName(); + $partedName = explode(' ', $displayName); + $userId = $user->getUID(); + $locale = $this->l10nFactory->findLocale(); - $userInfo = [ - 'sub' => $userId, - 'name' => $displayName, - 'email' => $user->getEMailAddress(), - 'picture' => $this->urlGenerator->getAbsoluteURL( - $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ - 'userId' => $userId, - 'size' => 512 - ])) - ]; + $userInfo = [ + 'sub' => $userId, + 'name' => $displayName, + 'email' => $user->getEMailAddress(), + 'picture' => $this->urlGenerator->getAbsoluteURL( + $this->urlGenerator->linkToRoute('core.avatar.getAvatar', [ + 'userId' => $userId, + 'size' => 512 + ])) + ]; - if ($locale === 'ru') { - $userInfo['given_name'] = $partedName[0]; - $userInfo['family_name'] = $partedName[1] ?? $partedName[0]; - } - $response = new JSONResponse($userInfo); + if ($locale === 'ru') { + $userInfo['given_name'] = $partedName[0]; + $userInfo['family_name'] = $partedName[1] ?? $partedName[0]; } + $response = new JSONResponse($userInfo); return $response; } } From 03cf5d9d53af72dfb65154be27c10dcff6153fa9 Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Tue, 12 Mar 2024 00:24:34 +0300 Subject: [PATCH 13/22] feat(oauth2): separation name feature config Signed-off-by: d.kudrinskiy --- config/config.sample.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/config/config.sample.php b/config/config.sample.php index 364e573974a12..a6717286e72f2 100644 --- a/config/config.sample.php 
+++ b/config/config.sample.php @@ -1962,7 +1962,7 @@ /** * Blacklist characters from being used in filenames. This is useful if you * have a filesystem or OS which does not support certain characters like windows. - * + * * The '/' and '\' characters are always forbidden. * * Example for windows systems: ``array('?', '<', '>', ':', '*', '|', '"', chr(0), "\n", "\r")`` @@ -2420,4 +2420,21 @@ * Defaults to ``true`` */ 'enable_non-accessible_features' => true, + +/** + * Endpoint OAuth2 userinfo settings + * + * The 'process_name' key defines the need to separate the name into given_name and family_name. If false then given_name and family_name are not passed. + * Defaults to ``false`` + * The 'separator' key is a symbol separating the first and last name. + * The key 'first_name_position' is the position of given_name in the name. + * The key 'family_name_position' is the position of family_name in the name. + */ +'oauth2' => + [ + 'process_name' => false, + 'separator' => ' ', + 'first_name_position' => 0, + 'family_name_position' => 1, + ], ]; From 1e264ac59b828d715e78dcf8843f8fdfe931086e Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Tue, 12 Mar 2024 01:39:04 +0300 Subject: [PATCH 14/22] feat(oauth2): optional separate name Signed-off-by: d.kudrinskiy --- .../lib/Controller/OauthApiController.php | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 2f08b1945c969..32d3666853545 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -43,7 +43,7 @@ use OCP\IRequest; use OCP\IUserSession; use OCP\IURLGenerator; -use OCP\L10N\IFactory; +use OCP\IConfig; use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; 
@@ -67,7 +67,7 @@ public function __construct( private ITimeFactory $timeFactory, private IUserSession $userSession, private IURLGenerator $urlGenerator, - private IFactory $l10nFactory, + private IConfig $config, ) { parent::__construct($appName, $request); } @@ -247,9 +247,7 @@ public function getUserInfo(): JSONResponse { ], Http::STATUS_NOT_FOUND); } $displayName = $user->getDisplayName(); - $partedName = explode(' ', $displayName); $userId = $user->getUID(); - $locale = $this->l10nFactory->findLocale(); $userInfo = [ 'sub' => $userId, @@ -262,9 +260,16 @@ public function getUserInfo(): JSONResponse { ])) ]; - if ($locale === 'ru') { - $userInfo['given_name'] = $partedName[0]; - $userInfo['family_name'] = $partedName[1] ?? $partedName[0]; + $oauth_conf = $this->config->getSystemValue('oauth2', ['process_name' => false]); + if ($oauth_conf["process_name"] === true && + key_exists("separator", $oauth_conf) && + key_exists("first_name_position", $oauth_conf) && + key_exists("family_name_position", $oauth_conf) && + $oauth_conf["separator"] !== "" + ) { + $partedName = explode($oauth_conf["separator"], $displayName); + $userInfo['given_name'] = $partedName[$oauth_conf["first_name_position"]]; + $userInfo['family_name'] = $partedName[$oauth_conf["family_name_position"]] ?? $partedName[0]; } $response = new JSONResponse($userInfo); return $response; From bf42920ce6ad445e731bd55dba97e0df0aff1244 Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Wed, 13 Mar 2024 13:38:42 +0300 Subject: [PATCH 15/22] feat(oauth2): add unit-test for GetUserInfo Signed-off-by: d.kudrinskiy --- .../Controller/OauthApiControllerTest.php | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index eec38890e05b5..0f2294c8b1441 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php 
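Review bot: The new condition indexes `$oauth_conf["process_name"]` directly, so an admin-supplied `'oauth2'` array that omits that key raises an undefined-array-key warning, and `$partedName[$oauth_conf["first_name_position"]]` has no fallback when the display name has fewer parts than the configured position. Both positions come from `config.php` and are used as array offsets without a type or range check. I would guard them, e.g. `($oauth_conf['process_name'] ?? false) === true` and `$partedName[$oauth_conf['first_name_position']] ?? $displayName`, and require `is_int()` on both positions before using them. The same lines are carried, apart from the variable rename, into the `@@ -261,15 +261,15 @@` hunk of patch 22, so the note applies there as well.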
@@ -39,7 +39,10 @@ use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\IConfig; use OCP\IRequest; +use OCP\IURLGenerator; +use OCP\IUserSession; use OCP\Security\Bruteforce\IThrottler; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; @@ -88,6 +91,10 @@ protected function setUp(): void { $this->throttler = $this->createMock(IThrottler::class); $this->logger = $this->createMock(LoggerInterface::class); $this->timeFactory = $this->createMock(ITimeFactory::class); + $this->user = $this->createMock(IUser::class); + $this->userSession = $this->createMock(IUserSession::class); + $this->urlGenerator = $this->createMock(IURLGenerator::class); + $this->config = $this->createMock(IConfig::class); $this->oauthApiController = new OauthApiController( 'oauth2', @@ -616,4 +623,22 @@ public function testRefreshTokenExpiredAppToken() { $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret')); } + + public function testGetUserInfo() { + $this->user->method('getDisplayName')->willReturn('Test User'); + $this->user->method('getUID')->willReturn('testuser'); + $this->user->method('getEMailAddress')->willReturn('testuser@example.com'); + + $this->userSession->method('getUser')->willReturn($this->user); + $this->urlGenerator->method('getAbsoluteURL')->willReturn('http://localhost/avatar.png'); + $this->config->method('getSystemValue')->willReturn(['process_name' => false]); + + $response = $this->oauthApiController->getUserInfo(); + + $this->assertInstanceOf(JSONResponse::class, $response); + $this->assertEquals('Test User', $response->getData()['name']); + $this->assertEquals('testuser', $response->getData()['sub']); + $this->assertEquals('testuser@example.com', $response->getData()['email']); + $this->assertEquals('http://localhost/avatar.png', $response->getData()['picture']); + } } 
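Review bot: `setUp()` creates mocks for `IUserSession`, `IURLGenerator` and `IConfig`, but the `new OauthApiController(` call that follows is context only and continues outside the hunk, and no hunk in this series passes the new mocks to it, while the constructor now declares these three parameters without defaults. Unless that call is updated elsewhere, the controller under test cannot be built with these mocks and the new tests would not exercise `getUserInfo()` as intended. `IUser::class` is also referenced without a matching `use OCP\IUser;` among the added imports; confirm it is already imported. The mocks are assigned to properties this hunk does not declare, so add typed declarations such as `private IUserSession $userSession;`.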
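Review bot: `testGetUserInfo()` covers only the authenticated path; the branch that matters most for a `@PublicPage` endpoint, `getUser()` returning `null`, has no test. I would add a case that stubs `getUser` to return `null` and asserts the error status and that neither `sub` nor `email` appears in the body. The avatar assertion also stubs only `getAbsoluteURL`, so the `userId` handed to `linkToRoute` is never checked.

```php
// … unchanged: testGetUserInfo() …

	public function testGetUserInfoUnauthenticated(): void {
		$this->userSession->method('getUser')->willReturn(null);

		$response = $this->oauthApiController->getUserInfo();

		$this->assertInstanceOf(JSONResponse::class, $response);
		$this->assertEquals(Http::STATUS_NOT_FOUND, $response->getStatus());
		$this->assertArrayNotHasKey('sub', $response->getData());
		$this->assertArrayNotHasKey('email', $response->getData());
	}
```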
From b6f6651d0f025ce7f95fbdd4f3125e792938a11e Mon Sep 17 00:00:00 2001 From: "d.kudrinskiy" Date: Wed, 13 Mar 2024 18:19:57 +0300 Subject: [PATCH 16/22] feat(oauth2): add unit-test for GetUserInfo separate mode Signed-off-by: d.kudrinskiy --- .../Controller/OauthApiControllerTest.php | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index 0f2294c8b1441..4b3c1984c913e 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php @@ -641,4 +641,29 @@ public function testGetUserInfo() { $this->assertEquals('testuser@example.com', $response->getData()['email']); $this->assertEquals('http://localhost/avatar.png', $response->getData()['picture']); } + + public function testGetUserInfoWithSeparate() { + $this->user->method('getDisplayName')->willReturn('Test User'); + $this->user->method('getUID')->willReturn('testuser'); + $this->user->method('getEMailAddress')->willReturn('testuser@example.com'); + + $this->userSession->method('getUser')->willReturn($this->user); + $this->urlGenerator->method('getAbsoluteURL')->willReturn('http://localhost/avatar.png'); + + $this->config->method('getSystemValue') + ->willReturn([ + 'process_name' => true, + 'separator' => ' ', + 'first_name_position' => 0, + 'family_name_position' => 1 + ]); + $response = $this->oauthApiController->getUserInfo(); + + $this->assertInstanceOf(JSONResponse::class, $response); + $this->assertEquals('testuser', $response->getData()['sub']); + $this->assertEquals('testuser@example.com', $response->getData()['email']); + $this->assertEquals('http://localhost/avatar.png', $response->getData()['picture']); + $this->assertEquals('Test', $response->getData()['given_name']); + $this->assertEquals('User', $response->getData()['family_name']); + } } 
From a424e9661077722b4743e287ecb26c741fe0a1c2 Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:50:53 +0300 Subject: [PATCH 17/22] Update apps/oauth2/lib/Controller/OauthApiController.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/lib/Controller/OauthApiController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 32d3666853545..b9948e23eeff9 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -260,7 +260,7 @@ public function getUserInfo(): JSONResponse { ])) ]; - $oauth_conf = $this->config->getSystemValue('oauth2', ['process_name' => false]); + $oauthConf = $this->config->getSystemValue('oauth2', ['process_name' => false]); if ($oauth_conf["process_name"] === true && key_exists("separator", $oauth_conf) && key_exists("first_name_position", $oauth_conf) && From 1c1fa9e6ab251892a27adf7d5e8f5d294435cbdc Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:51:01 +0300 Subject: [PATCH 18/22] Update apps/oauth2/lib/Controller/OauthApiController.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/lib/Controller/OauthApiController.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index b9948e23eeff9..6656eb7e345a7 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php 
@@ -271,7 +271,6 @@ public function getUserInfo(): JSONResponse { $userInfo['given_name'] = $partedName[$oauth_conf["first_name_position"]]; $userInfo['family_name'] = $partedName[$oauth_conf["family_name_position"]] ?? $partedName[0]; } - $response = new JSONResponse($userInfo); - return $response; + return new JSONResponse($userInfo); } } From dd9edb832ee4d19d7105b2c91ca5c15df8350180 Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:51:08 +0300 Subject: [PATCH 19/22] Update apps/oauth2/tests/Controller/OauthApiControllerTest.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/tests/Controller/OauthApiControllerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index 4b3c1984c913e..d6a6f8df4dcc6 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php @@ -624,7 +624,7 @@ public function testRefreshTokenExpiredAppToken() { $this->assertEquals($expected, $this->oauthApiController->getToken('refresh_token', null, 'validrefresh', 'clientId', 'clientSecret')); } - public function testGetUserInfo() { + public function testGetUserInfo(): void { $this->user->method('getDisplayName')->willReturn('Test User'); $this->user->method('getUID')->willReturn('testuser'); $this->user->method('getEMailAddress')->willReturn('testuser@example.com'); From 16edc4092797d719fbb40f044e5cd5d100d62b67 Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:51:14 +0300 Subject: [PATCH 20/22] Update apps/oauth2/tests/Controller/OauthApiControllerTest.php Co-authored-by: Christoph Wurst 
Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- apps/oauth2/tests/Controller/OauthApiControllerTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/oauth2/tests/Controller/OauthApiControllerTest.php b/apps/oauth2/tests/Controller/OauthApiControllerTest.php index d6a6f8df4dcc6..d38d87969ef09 100644 --- a/apps/oauth2/tests/Controller/OauthApiControllerTest.php +++ b/apps/oauth2/tests/Controller/OauthApiControllerTest.php @@ -642,7 +642,7 @@ public function testGetUserInfo(): void { $this->assertEquals('http://localhost/avatar.png', $response->getData()['picture']); } - public function testGetUserInfoWithSeparate() { + public function testGetUserInfoWithSeparate(): void { $this->user->method('getDisplayName')->willReturn('Test User'); $this->user->method('getUID')->willReturn('testuser'); $this->user->method('getEMailAddress')->willReturn('testuser@example.com'); From b077248ae13817a77f8ad6c90d7c7fcf6a9bbc8f Mon Sep 17 00:00:00 2001 From: Danila <57199291+hardviper@users.noreply.github.com> Date: Wed, 13 Mar 2024 21:51:23 +0300 Subject: [PATCH 21/22] Update config/config.sample.php Co-authored-by: Christoph Wurst Signed-off-by: Danila <57199291+hardviper@users.noreply.github.com> --- config/config.sample.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/config.sample.php b/config/config.sample.php index a6717286e72f2..7b76b1e59a473 100644 --- a/config/config.sample.php +++ b/config/config.sample.php @@ -2422,7 +2422,7 @@ 'enable_non-accessible_features' => true, /** - * Endpoint OAuth2 userinfo settings + * OAuth2 userinfo endpoint settings * * The 'process_name' key defines the need to separate the name into given_name and family_name. If false then given_name and family_name are not passed. * Defaults to ``false`` From 540eb165aa802b805fb98ca8202e113f8980411f Mon Sep 17 00:00:00 2001 
From: "d.kudrinskiy" Date: Wed, 13 Mar 2024 23:20:35 +0300 Subject: [PATCH 22/22] feat(oauth2): fix var name Signed-off-by: d.kudrinskiy --- .../oauth2/lib/Controller/OauthApiController.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index 6656eb7e345a7..e021e5a29acd0 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -261,15 +261,15 @@ public function getUserInfo(): JSONResponse { ]; $oauthConf = $this->config->getSystemValue('oauth2', ['process_name' => false]); - if ($oauth_conf["process_name"] === true && - key_exists("separator", $oauth_conf) && - key_exists("first_name_position", $oauth_conf) && - key_exists("family_name_position", $oauth_conf) && - $oauth_conf["separator"] !== "" + if ($oauthConf["process_name"] === true && + key_exists("separator", $oauthConf) && + key_exists("first_name_position", $oauthConf) && + key_exists("family_name_position", $oauthConf) && + $oauthConf["separator"] !== "" ) { - $partedName = explode($oauth_conf["separator"], $displayName); - $userInfo['given_name'] = $partedName[$oauth_conf["first_name_position"]]; - $userInfo['family_name'] = $partedName[$oauth_conf["family_name_position"]] ?? $partedName[0]; + $partedName = explode($oauthConf["separator"], $displayName); + $userInfo['given_name'] = $partedName[$oauthConf["first_name_position"]]; + $userInfo['family_name'] = $partedName[$oauthConf["family_name_position"]] ?? $partedName[0]; } return new JSONResponse($userInfo); }