Update

2 files changed, 4 insertions, 55 deletions

diff --git a/oauth/embed/index.php b/oauth/embed/index.php
deleted file mode 100644
index d77be15..0000000
--- a/oauth/embed/index.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php

-

-header("Content-Type: text/plain");

-// TODO: handle errors

-$_CONFIG = json_decode(file_get_contents($_SERVER["DOCUMENT_ROOT"] . "/private/FamilineConfig.json"), true);

-

-if (!isset($_GET['code'])) {

-    die();

-}

-

-$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/private/app.json"), true);

-

-$crl = curl_init('https://' . $_CONFIG["Global"]["federation"]. '/auth/realms/Familine/protocol/openid-connect/token');

-curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);

-curl_setopt($crl, CURLINFO_HEADER_OUT, true);

-curl_setopt($crl, CURLOPT_POST, true);

-curl_setopt($crl, CURLOPT_HTTPHEADER, [

-    "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]),

-    "Content-Type: application/x-www-form-urlencoded",

-    "Accept: application/json"

-]);

-curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://" . $_CONFIG["Global"]["domain"] . "/oauth/embed") . "&code=" . $_GET['code']);

-

-$result = curl_exec($crl);

-var_dump($result);

-$result = json_decode($result, true);

-

-curl_close($crl);

-

-if (isset($result["access_token"])) {

-    $crl = curl_init('https://' . $_CONFIG["Global"]["federation"]. '/auth/realms/Familine/protocol/openid-connect/userinfo');

-    curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);

-    curl_setopt($crl, CURLINFO_HEADER_OUT, true);

-    curl_setopt($crl, CURLOPT_HTTPHEADER, [

-        "Authorization: Bearer " . $result["access_token"],

-        "Accept: application/json"

-    ]);

-

-    $result = curl_exec($crl);

-    var_dump($result);

-    $result = json_decode($result, true);

-

-    $token = bin2hex(random_bytes(32));

-    $result["login"] = $result["preferred_username"];

-    $result["name_internal"] = $result["name"];

-    $result["name"] = $result["family_name"] . " " . $result["given_name"];

-    $result["id"] = $result["sub"];

-    file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . $token, json_encode($result));

-    setcookie("FL_SESSION_TOKEN", $token, strtotime('+365 days'), "/", "." . $_CONFIG["Global"]["domain"], true, true);

-

-    header("Location: /statusbar.php");

-}
\ No newline at end of file
diff --git a/oauth/index.php b/oauth/index.php
index 3a98390..b58c9ed 100644
--- a/oauth/index.php
+++ b/oauth/index.php
@@ -19,8 +19,9 @@ curl_setopt($crl, CURLOPT_HTTPHEADER, [
     "Content-Type: application/x-www-form-urlencoded",

     "Accept: application/json"

 ]);

-curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://" . $_CONFIG["Global"]["domain"] . "/oauth") . "&code=" . $_GET['code']);

+curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://" . $_CONFIG["Global"]["domain"] . "/oauth/?r=" . $_GET['r']) . "&code=" . $_GET['code']);

 

+var_dump("grant_type=authorization_code&redirect_uri=" . urlencode("https://" . $_CONFIG["Global"]["domain"] . "/oauth/?r=" . $_GET['r']) . "&code=" . $_GET['code']);

 $result = curl_exec($crl);

 var_dump($result);

 $result = json_decode($result, true);

@@ -46,7 +47,7 @@ if (isset($result["access_token"])) {
     $result["name"] = $result["family_name"] . " " . $result["given_name"];

     $result["id"] = $result["sub"];

     file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/private/tokens/" . $token, json_encode($result));

-    setcookie("FL_SESSION_TOKEN", $token, strtotime('+365 days'), "/", "." . $_CONFIG["Global"]["domain"], true, true);

+    setcookie("FL_SESSION_TOKEN", $token, 0, "/", "." . $_CONFIG["Global"]["domain"], true, true);

 

-    header("Location: /");

+    header("Location: " . $_GET['r']);

 }
\ No newline at end of file