diff --git a/classes/OAuth2RequestHandler.php b/classes/OAuth2RequestHandler.php
index b3f585ee7b0507ca321554324fd001089dadc1f1..487f13928ffceff634ed0300697afb3de51a63fa 100644
--- a/classes/OAuth2RequestHandler.php
+++ b/classes/OAuth2RequestHandler.php
@@ -21,7 +21,7 @@ class OAuth2RequestHandler {
         }
 
         $client = $this->locator->getBrowserBasedOAuth2ClientById($params['client_id']);
-        if ($client->redirectUrl !== $params['redirect_uri']) {
+        if (!$client->validRedirectUrl($params['redirect_uri'])) {
             throw new BadRequestException("Invalid client redirect URI: " . $params['redirect_uri']);
         }
 
@@ -40,7 +40,7 @@ class OAuth2RequestHandler {
         // Storing OAuth2 data in session
         $oauth2Data = new OAuth2RequestData();
         $oauth2Data->clientId = $client->client;
-        $oauth2Data->redirectUrl = $client->redirectUrl;
+        $oauth2Data->redirectUrl = $params['redirect_uri'];
         $oauth2Data->state = $state;
         $oauth2Data->nonce = $nonce;
 
diff --git a/classes/model/BrowserBasedOAuth2Client.php b/classes/model/BrowserBasedOAuth2Client.php
index fce73fa665ffe1e72ad87792d86deb6ea38b7013..b4ffa124944dc8bea21818e2241d6fe058116539 100644
--- a/classes/model/BrowserBasedOAuth2Client.php
+++ b/classes/model/BrowserBasedOAuth2Client.php
@@ -31,7 +31,7 @@ class BrowserBasedOAuth2Client extends BrowserBasedClient {
 
     public $client;
     public $secretHash;
-    public $redirectUrl;
+    private $redirectUrls;
     public $scope;
     public $homePage;
     public $showInHome;
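Review bot: A request without `redirect_uri` now reaches `validRedirectUrl(string)` with null and fails with a TypeError rather than the BadRequestException the old `!==` comparison raised, unless an earlier check in this method (its start is outside the hunk) already rejects the missing parameter. Guard it on the same line: `if (!isset($params['redirect_uri']) || !$client->validRedirectUrl($params['redirect_uri'])) {`. The second hunk stores the same request value in the session, so this guard covers that assignment too; since the value is only stored after an exact match against the registered list, keeping the supplied value rather than the registered one is fine. The enclosing method starts and ends outside the hunk.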
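Review bot: `redirectUrls` becomes private with no accessor while the old public `redirectUrl` goes away, so any writer of `->redirectUrl` that this diff does not touch (the admin builder and the test assignment are removed here) would now create a dynamic property silently instead of failing; worth a grep for `redirectUrl` before merge. The new property also lacks any documentation of its shape; a docblock such as `/** @var list<string>|null Registered redirect URIs, compared exactly by validRedirectUrl(). */` would make the contract explicit.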
@@ -43,7 +43,7 @@ class BrowserBasedOAuth2Client extends BrowserBasedClient {
         $this->secretHash = $config->secret;
         $this->title = isset($config->label) ? $config->label : null;
         $this->icon = isset($config->icon) ? $config->icon : null;
-        $this->redirectUrl = $config->redirect;
+        $this->redirectUrls = isset($config->redirect) ? (is_array($config->redirect) ? $config->redirect : [$config->redirect]) : null;
         $this->scope = $config->scope;
         $this->homePage = isset($config->home) ? $config->home : null;
         $this->showInHome = isset($config->showInHome) ? $config->showInHome : false;
@@ -56,4 +56,16 @@ class BrowserBasedOAuth2Client extends BrowserBasedClient {
         return 'client-icons/';
     }
 
+    public function validRedirectUrl(string $redirectUrl): bool {
+        if ($this->redirectUrls === null) {
+            return false;
+        }
+        foreach ($this->redirectUrls as $url) {
+            if ($redirectUrl === $url) {
+                return true;
+            }
+        }
+        return false;
+    }
+
 }
diff --git a/include/admin.php b/include/admin.php
index b1380f1abb8d48f6de7c083e1884dc47d5659627..670e275c6e8862983df20c67dac70eec20faab48 100644
--- a/include/admin.php
+++ b/include/admin.php
@@ -88,30 +88,3 @@ Flight::route('POST /admin/keypair', function() {
         "id" => $keyPair->keyId
     ]);
 });
-
-function buildOAuth2ClientFromData() {
-
-    $data = Flight::request()->data;
-    $client = new \RAP\BrowserBasedOAuth2Client();
-
-    if (isset($data)) {
-        if (isset($data['id'])) {
-            $client->id = $data['id'];
-        }
-        $client->title = $data['title'];
-        $client->icon = $data['icon'];
-        $client->client = $data['client'];
-        $client->secret = $data['secret'];
-        $client->redirectUrl = $data['redirectUrl'];
-        $client->scope = $data['scope'];
-        $client->homePage = $data['homePage'];
-        $client->showInHome = $data['showInHome'];
-    }
-    if (isset($data['authMethods'])) {
-        foreach ($data['authMethods'] as $method) {
-            array_push($client->authMethods, $method);
-        }
-    }
-
-    return $client;
-}
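Review bot: The nested ternary on the `redirectUrls` assignment is hard to scan; `(array)` performs the same string-or-array normalisation in one step: `$this->redirectUrls = isset($config->redirect) ? (array) $config->redirect : null;`. This is equivalent only if `redirect` is a string or an array in the config (an object would become a property map rather than a single-element list); the config source is outside this diff, so confirm that before swapping. The constructor starts and ends outside the hunk.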
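Review bot: `validRedirectUrl` hand-rolls a strict membership test; the body reduces to `return $this->redirectUrls !== null && in_array($redirectUrl, $this->redirectUrls, true);`. The exact, case-sensitive comparison is the right behaviour here — RFC 6749 §3.1.2.3 requires simple string comparison of the supplied and registered redirect URIs — and it deserves a docblock so a later change does not relax it to a prefix or host match: `/** Exact string match of $redirectUrl against the registered redirect URIs; no normalisation or prefix matching, by design. */`.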
diff --git a/tests/OAuth2RequestHandlerTest.php b/tests/OAuth2RequestHandlerTest.php
index 9e90633b62116bf8eed4199026c5e70009bb0998..b952467e5343d7d4adfc64b876522fadcc7cd77a 100644
--- a/tests/OAuth2RequestHandlerTest.php
+++ b/tests/OAuth2RequestHandlerTest.php
@@ -62,7 +62,6 @@ final class OAuth2RequestHandlerTest extends TestCase {
             "scope" => "email profile",
             "methods" => []
         ]);
-        $client->redirectUrl = "redirect_uri";
         $sessionStub = $this->createMock(\RAP\SessionData::class);