N°5395 - Errors from OAuth servers for email are not well handled

2026-04-25 11:38:44 +02:00 · 2022-08-10 14:57:26 +02:00
parent 62aaaabd7e
commit 7f7538ed58
4 changed files with 59 additions and 17 deletions
--- a/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php
+++ b/datamodels/2.x/itop-oauth-client/src/Controller/AjaxOauthClientController.php
@@ -49,26 +49,66 @@ class AjaxOauthClientController extends Controller

 		$sRedirectUrl = utils::ReadParam('redirect_url', '', false, 'raw');

-		$sRedirectUrlQuery = parse_url($sRedirectUrl)['query'];
+		$aResult = [];
+		$aResult['status'] = 'error';
+		$aURL = parse_url($sRedirectUrl);
+		if (isset($aURL['query'])) {
+			$sRedirectUrlQuery = $aURL['query'];
+			$aQuery = [];
+			parse_str($sRedirectUrlQuery, $aQuery);
+			if (isset($aQuery['error'])) {
+				$aResult['status'] = 'error';
+				if (isset($aQuery['error_description'])) {
+					$aResult['error_description'] = $aQuery['error_description'];
+				}
+			}
+			if (isset($aQuery['code'])) {
+				$sCode = $aQuery['code'];
+				$oAccessToken = OAuthClientProviderFactory::GetAccessTokenFromCode($oOAuthClient, $sCode);

-		$aQuery = [];
-		parse_str($sRedirectUrlQuery, $aQuery);
-		$sCode = $aQuery['code'];
-		$oAccessToken = OAuthClientProviderFactory::GetAccessTokenFromCode($oOAuthClient, $sCode);
+				$oOAuthClient->SetAccessToken($oAccessToken);

-		$oOAuthClient->SetAccessToken($oAccessToken);

-		cmdbAbstractObject::SetSessionMessage(
-			$sClass,
-			$sId,
-			"$sClass:$sId:TokenCreated",
-			$bIsCreation ? Dict::S('itop-oauth-client:Message:TokenCreated') : Dict::S('itop-oauth-client:Message:TokenRecreated'),
-			'ok',
-			1,
-			true
-		);

-		$aResult = ['status' => 'success'];
+				$aResult['status'] = 'success';
+			}
+		} else {
+			$aResult['status'] = 'error';
+			$aResult['error_description'] = 'Redirect URL Format not recognized';
+		}
+
+		switch ($aResult['status']) {
+			case 'success':
+				cmdbAbstractObject::SetSessionMessage(
+					$sClass,
+					$sId,
+					"$sClass:$sId:TokenCreated",
+					$bIsCreation ? Dict::S('itop-oauth-client:Message:TokenCreated') : Dict::S('itop-oauth-client:Message:TokenRecreated'),
+					'ok',
+					1,
+					true
+				);
+				if ($bIsCreation) {
+					IssueLog::Info("Token created for $sClass:$sId");
+				} else {
+					IssueLog::Info("Token recreated for $sClass:$sId");
+				}
+				break;
+
+			case 'error':
+				cmdbAbstractObject::SetSessionMessage(
+					$sClass,
+					$sId,
+					"$sClass:$sId:TokenError",
+					$aResult['error_description'] ?? Dict::S('itop-oauth-client:Message:TokenError'),
+					'error',
+					1,
+					true
+				);
+				IssueLog::Error("Token creation failed for $sClass:$sId", null, $aResult);
+				break;
+		}
+
 		$aResult['data'] = utils::GetAbsoluteUrlAppRoot()."pages/UI.php?operation=details&class=$sClass&id=$sId";

 		$this->DisplayJSONPage($aResult);