Merge pull request #180 from owncloud/set-selector-cookie

add owncloud-selector cookie support
owncloud · Sep 16, 2021 · 4d15747 · 4d15747
2 parents 86c11a5 + c8692f9
commit 4d15747
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/lib/Controller/LoginFlowController.php b/lib/Controller/LoginFlowController.php
@@ -160,7 +160,15 @@ public function login(): RedirectResponse {
 			} else {
 				$this->logger->debug('Id token holds no sid: ' . \json_encode($openid->getIdTokenPayload()));
 			}
-			return new RedirectResponse($this->getDefaultUrl());
+			$response = new RedirectResponse($this->getDefaultUrl());
+			$openIdConfig = $openid->getOpenIdConfig();
+			$cookieName = $openIdConfig['ocis-routing-policy-cookie'] ?? 'owncloud-selector';
+			$cookieDirectives = $openIdConfig['ocis-routing-policy-cookie-directives'] ?? 'path=/;';
+			$attribute = $openIdConfig['ocis-routing-poclicy-claim'] ?? 'ocis.routing.policy';
+			if (\property_exists($userInfo, $attribute)) {
+				$response->addHeader('Set-Cookie', "$cookieName={$userInfo->$attribute};$cookieDirectives");
+			}
+			return $response;
 		}
 		$this->logger->error("Unable to login {$user->getUID()}");
 		return new RedirectResponse('/');

diff --git a/tests/unit/Controller/LoginFlowControllerLoginTest.php b/tests/unit/Controller/LoginFlowControllerLoginTest.php
@@ -184,4 +184,29 @@ public function testLoginCreateSuccessWithRedirect(): void {
 
 		self::assertEquals('http://localhost/index.php/apps/oauth2/foo/bla', $response->getRedirectURL());
 	}
+
+	public function testLoginCreateSuccessWithOCISRoutingPolicyCookie(): void {
+		$this->client->method('getOpenIdConfig')->willReturn([]);
+		$this->client->method('getUserInfo')->willReturn((object)['email' => '[email protected]','ocis.routing.policy'=>'ocis']);
+		$this->client->method('getIdToken')->willReturn('id');
+		$this->client->method('getAccessToken')->willReturn('access');
+		$this->client->method('getRefreshToken')->willReturn('refresh');
+		$this->client->method('readRedirectUrl')->willReturn('index.php/apps/oauth2/foo/bla');
+		$user = $this->createMock(IUser::class);
+		$this->userLookup->method('lookupUser')->willReturn($user);
+		$this->userSession->method('createSessionToken')->willReturn(true);
+		$this->userSession->method('loginUser')->willReturn(true);
+		$this->session->expects(self::exactly(3))->method('set')->withConsecutive(
+			['oca.openid-connect.id-token', 'id'],
+			['oca.openid-connect.access-token', 'access'],
+			['oca.openid-connect.refresh-token', 'refresh']
+		);
+
+		$response = $this->controller->login();
+
+		self::assertEquals('http://localhost/index.php/apps/oauth2/foo/bla', $response->getRedirectURL());
+
+		$headers = $response->getHeaders();
+		self::assertEquals('owncloud-selector=ocis;path=/;', $headers['Set-Cookie']);
+	}
 }